ID CVE-2018-12865
Summary Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
    cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
    cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
    cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
    cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
    cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
    cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
CVSS
Base: 9.3 (as of 21-08-2019 - 16:20)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
non_vulnerable_configuration via4
  • cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
refmap via4
bid 105432
confirm https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
sectrack 1041809
vulnerable_product via4
    Last major update 21-08-2019 - 16:20
    Published 12-10-2018 - 18:29
    Back to Top