Adobe Acrobat and Reader CVE-2019-8160 Cross Site Scripting Vulnerability

2019-10-1500:00:00

Symantec Security Response

www.symantec.com

EPSS

0.001

Percentile

41.1%

JSON

Description

Adobe Acrobat and Reader are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Technologies Affected

Adobe Acrobat DC 2015.006.30060
Adobe Acrobat DC 2015.006.30094
Adobe Acrobat DC 2015.006.30306
Adobe Acrobat DC 2015.006.30352
Adobe Acrobat DC 2015.006.30355
Adobe Acrobat DC 2015.006.30392
Adobe Acrobat DC 2015.006.30394
Adobe Acrobat DC 2015.006.30413
Adobe Acrobat DC 2015.006.30416
Adobe Acrobat DC 2015.006.30417
Adobe Acrobat DC 2015.006.30418
Adobe Acrobat DC 2015.006.30434
Adobe Acrobat DC 2015.006.30448
Adobe Acrobat DC 2015.006.30452
Adobe Acrobat DC 2015.006.30456
Adobe Acrobat DC 2015.006.30457
Adobe Acrobat DC 2015.006.30461
Adobe Acrobat DC 2015.006.30464
Adobe Acrobat DC 2015.006.30475
Adobe Acrobat DC 2015.006.30482
Adobe Acrobat DC 2015.006.30493
Adobe Acrobat DC 2015.006.30495
Adobe Acrobat DC 2015.006.30497
Adobe Acrobat DC 2015.006.30498
Adobe Acrobat DC 2015.006.30503
Adobe Acrobat DC 2017.009.20044
Adobe Acrobat DC 2017.009.20058
Adobe Acrobat DC 2017.011.30142
Adobe Acrobat DC 2017.011.30143
Adobe Acrobat DC 2017.011.30148
Adobe Acrobat DC 2019.008.20071
Adobe Acrobat DC 2019.008.20080
Adobe Acrobat DC 2019.008.20081
Adobe Acrobat DC 2019.010.20064
Adobe Acrobat DC 2019.010.20069
Adobe Acrobat DC 2019.010.20091
Adobe Acrobat DC 2019.010.20098
Adobe Acrobat DC 2019.010.20099
Adobe Acrobat DC 2019.010.20100
Adobe Acrobat DC 2019.012.20034
Adobe Acrobat DC 2019.012.20035
Adobe Acrobat DC 2019.012.20040
Adobe Acrobat Reader DC 2015.006.30060
Adobe Acrobat Reader DC 2015.006.30094
Adobe Acrobat Reader DC 2015.006.30306
Adobe Acrobat Reader DC 2015.006.30352
Adobe Acrobat Reader DC 2015.006.30355
Adobe Acrobat Reader DC 2015.006.30392
Adobe Acrobat Reader DC 2015.006.30394
Adobe Acrobat Reader DC 2015.006.30413
Adobe Acrobat Reader DC 2015.006.30416
Adobe Acrobat Reader DC 2015.006.30417
Adobe Acrobat Reader DC 2015.006.30418
Adobe Acrobat Reader DC 2015.006.30434
Adobe Acrobat Reader DC 2015.006.30448
Adobe Acrobat Reader DC 2015.006.30452
Adobe Acrobat Reader DC 2015.006.30456
Adobe Acrobat Reader DC 2015.006.30457
Adobe Acrobat Reader DC 2015.006.30461
Adobe Acrobat Reader DC 2015.006.30464
Adobe Acrobat Reader DC 2015.006.30475
Adobe Acrobat Reader DC 2015.006.30482
Adobe Acrobat Reader DC 2015.006.30493
Adobe Acrobat Reader DC 2015.006.30497
Adobe Acrobat Reader DC 2015.006.30498
Adobe Acrobat Reader DC 2015.006.30503
Adobe Acrobat Reader DC 2017.009.20044
Adobe Acrobat Reader DC 2017.009.20058
Adobe Acrobat Reader DC 2017.011.30080
Adobe Acrobat Reader DC 2017.011.30099
Adobe Acrobat Reader DC 2017.011.30102
Adobe Acrobat Reader DC 2017.011.30105
Adobe Acrobat Reader DC 2017.011.30106
Adobe Acrobat Reader DC 2017.011.30110
Adobe Acrobat Reader DC 2017.011.30113
Adobe Acrobat Reader DC 2017.011.30120
Adobe Acrobat Reader DC 2017.011.30127
Adobe Acrobat Reader DC 2017.011.30138
Adobe Acrobat Reader DC 2017.011.30142
Adobe Acrobat Reader DC 2017.011.30143
Adobe Acrobat Reader DC 2017.011.30148
Adobe Acrobat Reader DC 2019.008.20071
Adobe Acrobat Reader DC 2019.008.20080
Adobe Acrobat Reader DC 2019.008.20081
Adobe Acrobat Reader DC 2019.010.20064
Adobe Acrobat Reader DC 2019.010.20069
Adobe Acrobat Reader DC 2019.010.20091
Adobe Acrobat Reader DC 2019.010.20098
Adobe Acrobat Reader DC 2019.010.20099
Adobe Acrobat Reader DC 2019.010.20100
Adobe Acrobat Reader DC 2019.012.20034
Adobe Acrobat Reader DC 2019.012.20035
Adobe Acrobat Reader DC 2019.012.20040

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.

Updates are available. Please see the references or vendor advisory for more information.