ID CVE-2018-4896
Summary An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.
References
Vulnerable Configurations
  • Adobe Acrobat 17.011.30059
    cpe:2.3:a:adobe:acrobat:17.011.30059
  • Adobe Acrobat 17.011.30065
    cpe:2.3:a:adobe:acrobat:17.011.30065
  • Adobe Acrobat 17.011.30066
    cpe:2.3:a:adobe:acrobat:17.011.30066
  • Adobe Acrobat 17.011.30068
    cpe:2.3:a:adobe:acrobat:17.011.30068
  • Adobe Acrobat 17.011.30070
    cpe:2.3:a:adobe:acrobat:17.011.30070
  • Adobe Acrobat DC 15.006.30060 Classic Edition
    cpe:2.3:a:adobe:acrobat_dc:15.006.30060:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30094 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30094:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30096 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30096:-:-:-:classic
  • Adobe Acrobat DC 15.006.30097 Classic Edition
    cpe:2.3:a:adobe:acrobat_dc:15.006.30097:-:-:-:classic
  • Adobe Acrobat DC 15.006.30119 Classic
    cpe:2.3:a:adobe:acrobat_dc:15.006.30119:-:-:-:classic
  • Adobe Acrobat DC 15.006.30121 Classic Edition
    cpe:2.3:a:adobe:acrobat_dc:15.006.30121:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30172 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30172:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30173 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30173:-:-:-:classic
  • Adobe Acrobat Dc 15.006.30174 Classic Edition
    cpe:2.3:a:adobe:acrobat_dc:15.006.30174:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30198 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30198:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30201 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30201:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30243 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30243:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30244 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30244:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30279 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30279:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30280 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30280:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30306 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30306:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30352 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30352:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30354 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30354:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30355 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30355:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30392 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30392:-:-:-:classic
  • Adobe Acrobat Document Cloud 15.006.30394 Classic Track
    cpe:2.3:a:adobe:acrobat_dc:15.006.30394:-:-:-:classic
  • Adobe Acrobat DC 15.008.20082 Continuous Edition
    cpe:2.3:a:adobe:acrobat_dc:15.008.20082:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.009.20069 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.009.20069:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.009.20071 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.009.20071:-:-:-:continuous
  • Adobe Acrobat DC 15.009.20077 Continuous Edition
    cpe:2.3:a:adobe:acrobat_dc:15.009.20077:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.009.20079 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.009.20079:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.010.20056 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.010.20056:-:-:-:continuous
  • Adobe Acrobat DC 15.010.20059 Continuous
    cpe:2.3:a:adobe:acrobat_dc:15.010.20059:-:-:-:continuous
  • Adobe Acrobat DC 15.010.20060 Continuous Edition
    cpe:2.3:a:adobe:acrobat_dc:15.010.20060:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.016.20039 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.016.20039:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.016.20041 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.016.20041:-:-:-:continuous
  • Adobe Acrobat Dc 15.016.20045 Continuous Edition
    cpe:2.3:a:adobe:acrobat_dc:15.016.20045:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.017.20050 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.017.20050:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.017.20053 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.017.20053:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.020.20039 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.020.20039:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.020.20042 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.020.20042:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.023.20053 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.023.20053:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.023.20056 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.023.20056:-:-:-:continuous
  • Adobe Acrobat Document Cloud 15.023.20070 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:15.023.20070:-:-:-:continuous
  • Adobe Acrobat DC 17.009.20044 Continuous Edition
    cpe:2.3:a:adobe:acrobat_dc:17.009.20044:-:-:-:continuous
  • Adobe Acrobat Document Cloud 17.009.20058 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:17.009.20058:-:-:-:continuous
  • Adobe Acrobat Document Cloud 17.012.20093 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:17.012.20093:-:-:-:continuous
  • Adobe Acrobat Document Cloud 17.012.20095 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:17.012.20095:-:-:-:continuous
  • Adobe Acrobat Document Cloud 17.012.20098 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:17.012.20098:-:-:-:continuous
  • Adobe Acrobat Document Cloud 18.009.20044 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:18.009.20044:-:-:-:continuous
  • Adobe Acrobat Document Cloud 18.009.20050 Continuous Track
    cpe:2.3:a:adobe:acrobat_dc:18.009.20050:-:-:-:continuous
  • Adobe Acrobat Reader 17.011.30059
    cpe:2.3:a:adobe:acrobat_reader:17.011.30059
  • Adobe Acrobat Reader 17.011.30065
    cpe:2.3:a:adobe:acrobat_reader:17.011.30065
  • Adobe Acrobat Reader 17.011.30066
    cpe:2.3:a:adobe:acrobat_reader:17.011.30066
  • Adobe Acrobat Reader 17.011.30068
    cpe:2.3:a:adobe:acrobat_reader:17.011.30068
  • Adobe Acrobat Reader 17.011.30070
    cpe:2.3:a:adobe:acrobat_reader:17.011.30070
  • Adobe Acrobat Reader DC 15.006.30060 Classic Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30060:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30094 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30094:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30096 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30096:-:-:-:classic
  • Adobe Acrobat Reader DC 15.006.30097 Classic Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30097:-:-:-:classic
  • Adobe Acrobat Reader DC 15.006.30119 Classic
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30119:-:-:-:classic
  • Adobe Acrobat Reader DC 15.006.30121 Classic Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30121:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30172 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30172:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30173 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30173:-:-:-:classic
  • Adobe Acrobat Reader Dc 15.006.30174 Classic Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30198 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30198:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30201 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30201:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30243 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30243:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30244 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30244:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30279 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30279:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30280 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30306 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30306:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30352 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30352:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30354 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30354:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30355 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30392 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30392:-:-:-:classic
  • Adobe Acrobat Reader Document Cloud 15.006.30394 Classic Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30394:-:-:-:classic
  • Adobe Acrobat Reader DC 15.008.20082 Continuous Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.008.20082:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.009.20069 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.009.20069:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.009.20071 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.009.20071:-:-:-:continuous
  • Adobe Acrobat Reader DC 15.009.20077 Continuous Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.009.20077:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.009.20079 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.009.20079:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.010.20056 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.010.20056:-:-:-:continuous
  • Adobe Acrobat Reader DC 15.010.20059 Continuous
    cpe:2.3:a:adobe:acrobat_reader_dc:15.010.20059:-:-:-:continuous
  • Adobe Acrobat Reader DC 15.010.20060 Continuous Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.010.20060:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.016.20039 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20039:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.016.20041 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20041:-:-:-:continuous
  • Adobe Acrobat Reader Dc 15.016.20045 Continuous Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.017.20050 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.017.20050:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.017.20053 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.017.20053:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.020.20039 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.020.20039:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.020.20042 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.020.20042:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.023.20053 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20053:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.023.20056 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20056:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 15.023.20070 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:-:-:-:continuous
  • Adobe Acrobat Reader DC 17.009.20044 Continuous Edition
    cpe:2.3:a:adobe:acrobat_reader_dc:17.009.20044:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 17.009.20058 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:17.009.20058:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 17.012.20093 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20093:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 17.012.20095 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20095:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 17.012.20098 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 18.009.20044 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:18.009.20044:-:-:-:continuous
  • Adobe Acrobat Reader Document Cloud 18.009.20050 Continuous Track
    cpe:2.3:a:adobe:acrobat_reader_dc:18.009.20050:-:-:-:continuous
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_READER_APSB18-02.NASL
    description The version of Adobe Reader installed on the remote macOS or Mac OS X host is a version prior to 2015.006.30416, 2017.011.30078, or 2018.011.20035. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 106848
    published 2018-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106848
    title Adobe Reader < 2015.006.30416 / 2017.011.30078 / 2018.011.20035 Multiple Vulnerabilities (APSB18-02) (macOS)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_ACROBAT_APSB18-02.NASL
    description The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is a version prior to 2015.006.30416, 2017.011.30078, or 2018.011.20035. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 106847
    published 2018-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106847
    title Adobe Acrobat < 2015.006.30416 / 2017.011.30078 / 2018.011.20035 Multiple Vulnerabilities (APSB18-02) (macOS)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB18-02.NASL
    description The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30413, 2017.011.30078, or 2018.011.20035. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 106845
    published 2018-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106845
    title Adobe Acrobat < 2015.006.30413 / 2017.011.30078 / 2018.011.20035 Multiple Vulnerabilities (APSB18-02)
  • NASL family Windows
    NASL id ADOBE_READER_APSB18-02.NASL
    description The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30394, 2017.011.30070, or 2018.009.20050. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 106846
    published 2018-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106846
    title Adobe Reader <= 2015.006.30394 / 2017.011.30070 / 2018.009.20050 Multiple Vulnerabilities (APSB18-02)
refmap via4
bid 102996
confirm https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
sectrack 1040364
Last major update 27-02-2018 - 00:29
Published 27-02-2018 - 00:29
Last modified 16-03-2018 - 12:57
Back to Top