Vulnerability Details

Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)

Published: 2018-07-12 07:41:59
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Adobe Acrobat Reader DC (Classic Track) and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exist due to, - A double free error. - Multiple heap overflow errors. - Multiple use-after-free errors. - Multiple out-of-bounds write errors. - A security bypass error. - Multiple out-of-bounds read errors. - Multiple type confusion errors. - An untrusted pointer dereference error. - MUltiple buffer errors.

Impact:
Successful exploitation will allow an attacker to gain escalated privileges, disclose sensitive information, execute arbitrary code on affected system and take control of the affected system.

Affected Versions:
Adobe Acrobat Reader DC (Classic Track) 2015.006.30418 and earlier versions on Mac OS X.

Recommendations:
Upgrade to Adobe Acrobat Reader DC (Classic Track) version 2015.006.30434 or later. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Windows Registry

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2018-12782
https://nvd.nist.gov/vuln/detail/CVE-2018-5015
https://nvd.nist.gov/vuln/detail/CVE-2018-5028
https://nvd.nist.gov/vuln/detail/CVE-2018-5032
https://nvd.nist.gov/vuln/detail/CVE-2018-5036
https://nvd.nist.gov/vuln/detail/CVE-2018-5038
https://nvd.nist.gov/vuln/detail/CVE-2018-5040
https://nvd.nist.gov/vuln/detail/CVE-2018-5041
https://nvd.nist.gov/vuln/detail/CVE-2018-5045
https://nvd.nist.gov/vuln/detail/CVE-2018-5052
https://nvd.nist.gov/vuln/detail/CVE-2018-5058
https://nvd.nist.gov/vuln/detail/CVE-2018-5067
https://nvd.nist.gov/vuln/detail/CVE-2018-12785
https://nvd.nist.gov/vuln/detail/CVE-2018-12788
https://nvd.nist.gov/vuln/detail/CVE-2018-12798
https://nvd.nist.gov/vuln/detail/CVE-2018-5009
https://nvd.nist.gov/vuln/detail/CVE-2018-5011
https://nvd.nist.gov/vuln/detail/CVE-2018-5065
https://nvd.nist.gov/vuln/detail/CVE-2018-12756
https://nvd.nist.gov/vuln/detail/CVE-2018-12770
https://nvd.nist.gov/vuln/detail/CVE-2018-12772
https://nvd.nist.gov/vuln/detail/CVE-2018-12773
https://nvd.nist.gov/vuln/detail/CVE-2018-12776
https://nvd.nist.gov/vuln/detail/CVE-2018-12783
https://nvd.nist.gov/vuln/detail/CVE-2018-12791
https://nvd.nist.gov/vuln/detail/CVE-2018-12792
https://nvd.nist.gov/vuln/detail/CVE-2018-12796
https://nvd.nist.gov/vuln/detail/CVE-2018-12797
https://nvd.nist.gov/vuln/detail/CVE-2018-5020
https://nvd.nist.gov/vuln/detail/CVE-2018-5021
https://nvd.nist.gov/vuln/detail/CVE-2018-5042
https://nvd.nist.gov/vuln/detail/CVE-2018-5059
https://nvd.nist.gov/vuln/detail/CVE-2018-5064
https://nvd.nist.gov/vuln/detail/CVE-2018-5069
https://nvd.nist.gov/vuln/detail/CVE-2018-5070
https://nvd.nist.gov/vuln/detail/CVE-2018-12754
https://nvd.nist.gov/vuln/detail/CVE-2018-12755
https://nvd.nist.gov/vuln/detail/CVE-2018-12758
https://nvd.nist.gov/vuln/detail/CVE-2018-12760
https://nvd.nist.gov/vuln/detail/CVE-2018-12771
https://nvd.nist.gov/vuln/detail/CVE-2018-12787
https://nvd.nist.gov/vuln/detail/CVE-2018-12802
https://nvd.nist.gov/vuln/detail/CVE-2018-5010
https://nvd.nist.gov/vuln/detail/CVE-2018-12803
https://nvd.nist.gov/vuln/detail/CVE-2018-5014
https://nvd.nist.gov/vuln/detail/CVE-2018-5016
https://nvd.nist.gov/vuln/detail/CVE-2018-5017
https://nvd.nist.gov/vuln/detail/CVE-2018-5018
https://nvd.nist.gov/vuln/detail/CVE-2018-5019
https://nvd.nist.gov/vuln/detail/CVE-2018-5022
https://nvd.nist.gov/vuln/detail/CVE-2018-5023
https://nvd.nist.gov/vuln/detail/CVE-2018-5024
https://nvd.nist.gov/vuln/detail/CVE-2018-5025
https://nvd.nist.gov/vuln/detail/CVE-2018-5026
https://nvd.nist.gov/vuln/detail/CVE-2018-5027
https://nvd.nist.gov/vuln/detail/CVE-2018-5029
https://nvd.nist.gov/vuln/detail/CVE-2018-5031
https://nvd.nist.gov/vuln/detail/CVE-2018-5033
https://nvd.nist.gov/vuln/detail/CVE-2018-5035
https://nvd.nist.gov/vuln/detail/CVE-2018-5039
https://nvd.nist.gov/vuln/detail/CVE-2018-5044
https://nvd.nist.gov/vuln/detail/CVE-2018-5046
https://nvd.nist.gov/vuln/detail/CVE-2018-5047
https://nvd.nist.gov/vuln/detail/CVE-2018-5048
https://nvd.nist.gov/vuln/detail/CVE-2018-5049
https://nvd.nist.gov/vuln/detail/CVE-2018-5050
https://nvd.nist.gov/vuln/detail/CVE-2018-5051
https://nvd.nist.gov/vuln/detail/CVE-2018-5053
https://nvd.nist.gov/vuln/detail/CVE-2018-5054
https://nvd.nist.gov/vuln/detail/CVE-2018-5055
https://nvd.nist.gov/vuln/detail/CVE-2018-5056
https://nvd.nist.gov/vuln/detail/CVE-2018-5060
https://nvd.nist.gov/vuln/detail/CVE-2018-5061
https://nvd.nist.gov/vuln/detail/CVE-2018-5062
https://nvd.nist.gov/vuln/detail/CVE-2018-5063
https://nvd.nist.gov/vuln/detail/CVE-2018-5066
https://nvd.nist.gov/vuln/detail/CVE-2018-5068
https://nvd.nist.gov/vuln/detail/CVE-2018-12757
https://nvd.nist.gov/vuln/detail/CVE-2018-12761
https://nvd.nist.gov/vuln/detail/CVE-2018-12762
https://nvd.nist.gov/vuln/detail/CVE-2018-12763
https://nvd.nist.gov/vuln/detail/CVE-2018-12764
https://nvd.nist.gov/vuln/detail/CVE-2018-12765
https://nvd.nist.gov/vuln/detail/CVE-2018-12766
https://nvd.nist.gov/vuln/detail/CVE-2018-12767
https://nvd.nist.gov/vuln/detail/CVE-2018-12768
https://nvd.nist.gov/vuln/detail/CVE-2018-12774
https://nvd.nist.gov/vuln/detail/CVE-2018-12777
https://nvd.nist.gov/vuln/detail/CVE-2018-12779
https://nvd.nist.gov/vuln/detail/CVE-2018-12780
https://nvd.nist.gov/vuln/detail/CVE-2018-12781
https://nvd.nist.gov/vuln/detail/CVE-2018-12786
https://nvd.nist.gov/vuln/detail/CVE-2018-12789
https://nvd.nist.gov/vuln/detail/CVE-2018-12790
https://nvd.nist.gov/vuln/detail/CVE-2018-12795
https://nvd.nist.gov/vuln/detail/CVE-2018-5057
https://nvd.nist.gov/vuln/detail/CVE-2018-12793
https://nvd.nist.gov/vuln/detail/CVE-2018-12794
https://nvd.nist.gov/vuln/detail/CVE-2018-5012
https://nvd.nist.gov/vuln/detail/CVE-2018-5030
https://nvd.nist.gov/vuln/detail/CVE-2018-5034
https://nvd.nist.gov/vuln/detail/CVE-2018-5037
https://nvd.nist.gov/vuln/detail/CVE-2018-5043
https://nvd.nist.gov/vuln/detail/CVE-2018-12784

References:

https://helpx.adobe.com/security/products/acrobat/apsb18-21.html
https://helpx.adobe.com

Severity
High
CVSS Score
10.0
Published
2018-07-12
Modified
2019-05-17
Category
General

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.

Router
Servers
Laptop
Database
Group
Cloud

Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requeriments of the platform to ensure a good performance.

No, you can add as many assest as you want. It doesn't matters if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software, in fact - it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.

I am ready to start scanning for vulnerabilities