Kaspersky LabKLA11357KLA11357 Information disclosure Vulnerability in Adobe Acrobat and Reader
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.6 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.4%
Vulnerability related to NTLM SSO hash theft was found in Adobe Acrobat and Reader. Malicious users can exploit this vulnerability to obtain sensitive information.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
Adobe-Acrobat-Reader-DC-Continuous
Adobe-Acrobat-Reader-DC-Classic
CVE list
CVE-2018-15979 warning
Solution
Update to the latest versionDownload Adobe Acrobat Reader DC
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Acrobat DC (Continuous) 2019.008.20080 and earlier versionsAdobe Acrobat Reader DC (Continuous) 2019.008.20080 and earlier versionsAdobe Acrobat 2017 (Classic 2017) 2017.011.30105 and earlier versionsAdobe Acrobat Reader 2017 (Classic 2017) 2017.011.30105 and earlier versionsAdobe Acrobat DC (Classic 2015) 2015.006.30456 and earlier versionsAdobe Acrobat Reader DC (Classic 2015) 2015.006.30456 and earlier versions
References
helpx.adobe.com/security/products/acrobat/apsb18-40.html
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader/
threats.kaspersky.com/en/product/Adobe-Acrobat/
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.6 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.4%