{"api_version":"1","generated_at":"2026-04-23T09:38:12+00:00","cve":"CVE-2018-4917","urls":{"html":"https://cve.report/CVE-2018-4917","api":"https://cve.report/api/cve/CVE-2018-4917.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-4917","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-4917"},"summary":{"title":"CVE-2018-4917","description":"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.","state":"PUBLIC","assigner":"psirt@adobe.com","published_at":"2018-05-19 17:29:00","updated_at":"2021-09-08 17:21:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1040364","name":"1040364","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/102992","name":"102992","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Adobe Acrobat and Reader APSB18-02 Multiple Heap Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb18-02.html","name":"https://helpx.adobe.com/security/products/acrobat/apsb18-02.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-4917","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-4917","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_2017","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_2017","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_2017","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_2017","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4917","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","ID":"CVE-2018-4917","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Adobe Acrobat and Reader 2018.009.20050 and earlier versions , 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions","version":{"version_data":[{"version_value":"Adobe Acrobat and Reader 2018.009.20050 and earlier versions , 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap Overflow"}]}]},"references":{"reference_data":[{"name":"102992","refsource":"BID","url":"http://www.securityfocus.com/bid/102992"},{"name":"https://helpx.adobe.com/security/products/acrobat/apsb18-02.html","refsource":"MISC","url":"https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"},{"name":"1040364","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040364"}]}},"nvd":{"publishedDate":"2018-05-19 17:29:00","lastModifiedDate":"2021-09-08 17:21:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_2017:*:*:*:*:*:*:*:*","versionStartIncluding":"17.011.30070","versionEndExcluding":"17.011.30078","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30394","versionEndExcluding":"15.006.30413","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"18.009.20050","versionEndExcluding":"18.011.20035","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_2017:*:*:*:*:*:*:*:*","versionStartIncluding":"17.011.30070","versionEndExcluding":"17.011.30078","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30394","versionEndExcluding":"15.006.30413","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"18.009.20050","versionEndExcluding":"18.011.20035","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"4917","Ordinal":"120839","Title":"CVE-2018-4917","CVE":"CVE-2018-4917","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"4917","Ordinal":"1","NoteData":"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"4917","Ordinal":"2","NoteData":"2018-05-19","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"4917","Ordinal":"3","NoteData":"2018-05-20","Type":"Other","Title":"Modified"}]}}}