{"api_version":"1","generated_at":"2026-05-14T09:47:07+00:00","cve":"CVE-2018-4987","urls":{"html":"https://cve.report/CVE-2018-4987","api":"https://cve.report/api/cve/CVE-2018-4987.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-4987","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-4987"},"summary":{"title":"CVE-2018-4987","description":"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.","state":"PUBLIC","assigner":"psirt@adobe.com","published_at":"2018-07-09 19:29:00","updated_at":"2019-08-21 16:20:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104173","name":"104173","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Adobe Acrobat and Reader Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html","name":"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1040920","name":"1040920","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-4987","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-4987","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"15.006.30417","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"17.011.30079","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"18.011.20038","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"15.006.30417","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"17.011.30079","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"1","versionEndIncluding":"18.011.20038","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4987","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","ID":"CVE-2018-4987","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions","version":{"version_data":[{"version_value":"Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Untrusted pointer dereference"}]}]},"references":{"reference_data":[{"name":"104173","refsource":"BID","url":"http://www.securityfocus.com/bid/104173"},{"name":"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html","refsource":"MISC","url":"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"},{"name":"1040920","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040920"}]}},"nvd":{"publishedDate":"2018-07-09 19:29:00","lastModifiedDate":"2019-08-21 16:20:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30060","versionEndIncluding":"15.006.30417","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"15.008.20082","versionEndIncluding":"18.011.20038","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.011.30059","versionEndIncluding":"17.011.30079","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30060","versionEndIncluding":"15.006.30417","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"15.008.20082","versionEndIncluding":"18.011.20038","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.011.30059","versionEndIncluding":"17.011.30079","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"4987","Ordinal":"120909","Title":"CVE-2018-4987","CVE":"CVE-2018-4987","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"4987","Ordinal":"1","NoteData":"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"4987","Ordinal":"2","NoteData":"2018-07-09","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"4987","Ordinal":"3","NoteData":"2018-07-10","Type":"Other","Title":"Modified"}]}}}