Lucene search

K
kasperskyKaspersky LabKLA11283
HistoryJul 10, 2018 - 12:00 a.m.

KLA11283 Multiple vulnerabilities in Adobe Acrobat&Reader

2018-07-1000:00:00
Kaspersky Lab
threats.kaspersky.com
115

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.122

Percentile

95.4%

Multiple vulnerabilities was found in Adobe Acrobat&Reader.

Original advisories

Prenotification Security Advisory for Adobe Acrobat and Reader | APSB18-21

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

CVE list

CVE-2018-12782 critical

CVE-2018-5015 high

CVE-2018-5028 high

CVE-2018-5032 high

CVE-2018-5036 high

CVE-2018-5038 high

CVE-2018-5040 high

CVE-2018-5041 high

CVE-2018-5045 high

CVE-2018-5052 high

CVE-2018-5058 high

CVE-2018-5067 high

CVE-2018-12785 critical

CVE-2018-12788 high

CVE-2018-12798 critical

CVE-2018-5009 critical

CVE-2018-5011 critical

CVE-2018-5065 high

CVE-2018-12756 critical

CVE-2018-12770 high

CVE-2018-12772 high

CVE-2018-12773 high

CVE-2018-12776 high

CVE-2018-12783 high

CVE-2018-12791 critical

CVE-2018-12792 critical

CVE-2018-12796 critical

CVE-2018-12797 critical

CVE-2018-5020 high

CVE-2018-5021 critical

CVE-2018-5042 high

CVE-2018-5059 high

CVE-2018-5064 critical

CVE-2018-5069 critical

CVE-2018-5070 critical

CVE-2018-12754 critical

CVE-2018-12755 critical

CVE-2018-12758 critical

CVE-2018-12760 critical

CVE-2018-12771 high

CVE-2018-12787 critical

CVE-2018-12802 critical

CVE-2018-5010 warning

CVE-2018-12803 warning

CVE-2018-5014 warning

CVE-2018-5016 warning

CVE-2018-5017 warning

CVE-2018-5018 warning

CVE-2018-5019 warning

CVE-2018-5022 warning

CVE-2018-5023 warning

CVE-2018-5024 warning

CVE-2018-5025 warning

CVE-2018-5026 warning

CVE-2018-5027 warning

CVE-2018-5029 warning

CVE-2018-5031 warning

CVE-2018-5033 warning

CVE-2018-5035 warning

CVE-2018-5039 warning

CVE-2018-5044 warning

CVE-2018-5046 warning

CVE-2018-5047 warning

CVE-2018-5048 warning

CVE-2018-5049 warning

CVE-2018-5050 warning

CVE-2018-5051 warning

CVE-2018-5053 warning

CVE-2018-5054 warning

CVE-2018-5055 warning

CVE-2018-5056 warning

CVE-2018-5060 warning

CVE-2018-5061 warning

CVE-2018-5062 warning

CVE-2018-5063 warning

CVE-2018-5066 warning

CVE-2018-5068 warning

CVE-2018-12757 warning

CVE-2018-12761 warning

CVE-2018-12762 warning

CVE-2018-12763 warning

CVE-2018-12764 warning

CVE-2018-12765 warning

CVE-2018-12766 warning

CVE-2018-12767 warning

CVE-2018-12768 warning

CVE-2018-12774 warning

CVE-2018-12777 warning

CVE-2018-12779 warning

CVE-2018-12780 warning

CVE-2018-12781 warning

CVE-2018-12786 warning

CVE-2018-12789 warning

CVE-2018-12790 warning

CVE-2018-12795 warning

CVE-2018-5057 high

CVE-2018-12793 warning

CVE-2018-12794 high

CVE-2018-5012 high

CVE-2018-5030 high

CVE-2018-5034 high

CVE-2018-5037 high

CVE-2018-5043 high

CVE-2018-12784 critical

Solution

Upgrade to latest versionDownload Adobe Acrobat Reader DC

Download Adobe Acrobat DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Acrobat DC Continuous earlier than 2018.011.20055Acrobat Reader DC Continuous earlier than 2018.011.20055Acrobat DC Classic 2017 earlier than 2017.011.30096Acrobat Reader DC Classic 2017 earlier than 2017.011.30096Acrobat DC Classic 2015 earlier than 2015.006.30434Acrobat Reader DC Classic 2015 earlier than 2015.006.30434

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.122

Percentile

95.4%