BID:106160

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

CVE-2018-15986 | CVE-2018-15995 | CVE-2018-16007 | CVE-2018-16009 |

Info

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

Bugtraq ID:	106160
Class:	Boundary Condition Error
CVE:	CVE-2018-16009 CVE-2018-16007 CVE-2018-15995 CVE-2018-15986
Remote:	Yes
Local:	No
Published:	Dec 11 2018 12:00AM
Updated:	Dec 11 2018 12:00AM
Credit:	bdulAziz Hariri of the Zero Day Initiative and Sebastian Apelt for defense-in-depth contributions to mitigate the Onix Indexing attack surface, guyio via Trend Micro's Zero Day Initiative and Lin Wang of Beihang University
Vulnerable:	Adobe Acrobat Reader DC 2015.8.20082 Adobe Acrobat Reader DC 2015.6.30457 Adobe Acrobat Reader DC 2015.6.30452 Adobe Acrobat Reader DC 2015.6.30448 Adobe Acrobat Reader DC 2015.6.30434 Adobe Acrobat Reader DC 2015.6.30418 Adobe Acrobat Reader DC 2015.6.30417 Adobe Acrobat Reader DC 2015.6.30416 Adobe Acrobat Reader DC 2015.6.30413 Adobe Acrobat Reader DC 2015.6.30394 Adobe Acrobat Reader DC 2015.6.30392 Adobe Acrobat Reader DC 2015.6.30355 Adobe Acrobat Reader DC 2015.6.30352 Adobe Acrobat Reader DC 2015.6.30306 Adobe Acrobat Reader DC 2015.6.30060 Adobe Acrobat Reader DC 2015.009.20069 Adobe Acrobat Reader DC 2015.007.20033 Adobe Acrobat Reader DC 2015.006.30456 Adobe Acrobat Reader DC 2015.006.30094 Adobe Acrobat Reader DC 2015.006.30033 Adobe Acrobat Reader 2017.11.30106 Adobe Acrobat Reader 2017.11.30105 Adobe Acrobat Reader 2017.11.30096 Adobe Acrobat Reader 2017.11.30080 Adobe Acrobat Reader 2017.11.30079 Adobe Acrobat Reader 2017.11.30078 Adobe Acrobat Reader 2017.11.30070 Adobe Acrobat Reader 2017.11.30068 Adobe Acrobat Reader 2017.11.30066 Adobe Acrobat Reader 2017.11.30059 Adobe Acrobat Reader 2017.8.30051 Adobe Acrobat DC 2019.8.20081 Adobe Acrobat DC 2019.8.20080 Adobe Acrobat DC 2019.8.20071 Adobe Acrobat DC 2015.6.30457 Adobe Acrobat DC 2015.6.30456 Adobe Acrobat DC 2015.6.30452 Adobe Acrobat DC 2015.6.30448 Adobe Acrobat DC 2015.6.30434 Adobe Acrobat DC 2015.6.30418 Adobe Acrobat DC 2015.6.30417 Adobe Acrobat DC 2015.6.30416 Adobe Acrobat DC 2015.6.30413 Adobe Acrobat DC 2015.6.30394 Adobe Acrobat DC 2015.6.30392 Adobe Acrobat DC 2015.6.30355 Adobe Acrobat DC 2015.6.30352 Adobe Acrobat DC 2015.6.30306 Adobe Acrobat DC 2015.009.20069 Adobe Acrobat DC 2015.008.20082 Adobe Acrobat DC 2015.007.20033 Adobe Acrobat DC 2015.006.30094 Adobe Acrobat DC 2015.006.30060 Adobe Acrobat DC 2015.006.30033 Adobe Acrobat 2017.11.30106 Adobe Acrobat 2017.11.30105 Adobe Acrobat 2017.11.30102 Adobe Acrobat 2017.11.30099 Adobe Acrobat 2017.11.30096 Adobe Acrobat 2017.11.30080 Adobe Acrobat 2017.11.30079 Adobe Acrobat 2017.11.30078 Adobe Acrobat 2017.11.30070 Adobe Acrobat 2017.11.30068 Adobe Acrobat 2017.11.30066 Adobe Acrobat 2017.11.30059 Adobe Acrobat 2017.8.30051

Not Vulnerable:

Discussion

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

Adobe Acrobat and Reader are prone to multiple integer-overflow vulnerabilities.

An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks.

Exploit / POC

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Adobe Acrobat and Reader APSB18-41 Multiple Integer Overflow Vulnerabilities

References:

Adobe Homepage (Adobe)
APSB18-41: Security Bulletin for Adobe Acrobat and Reader (Adobe)