Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
BID:106977
Info
Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 106977 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2019-7018 CVE-2019-7025 CVE-2019-7026 CVE-2019-7029 CVE-2019-7031 CVE-2019-7040 CVE-2019-7043 CVE-2019-7044 CVE-2019-7048 CVE-2019-7050 CVE-2019-7062 CVE-2019-7068 CVE-2019-7070 CVE-2019-7072 CVE-2019-7075 CVE-2019-7077 CVE-2019-7078 CVE-2019-7082 CVE-2019-7083 CVE-2019-7084 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Linan Hao of Qihoo 360 Vulcan Team and Zhenjie Jia of Qihoo 360 Vulcan Team,Gal De Leon of Palo Alto Network,Tencent Atuin Team,@j00sean working with iDefense Labs,T3rmin4t0r working with Trend Micro's Zero Day Initiative ,Sebastian?Apelt? via Trend Micro' |
| Vulnerable: |
Adobe Acrobat Reader DC 2019.10.20069 Adobe Acrobat Reader DC 2019.10.20064 Adobe Acrobat Reader DC 2015.6.30464 Adobe Acrobat Reader DC 2015.6.30461 Adobe Acrobat Reader DC 2015.6.30457 Adobe Acrobat Reader DC 2015.6.30452 Adobe Acrobat Reader DC 2015.6.30448 Adobe Acrobat Reader DC 2015.6.30434 Adobe Acrobat Reader DC 2015.6.30418 Adobe Acrobat Reader DC 2015.6.30417 Adobe Acrobat Reader DC 2015.6.30416 Adobe Acrobat Reader DC 2015.6.30413 Adobe Acrobat Reader DC 2015.6.30394 Adobe Acrobat Reader DC 2015.6.30392 Adobe Acrobat Reader DC 2015.6.30355 Adobe Acrobat Reader DC 2015.6.30352 Adobe Acrobat Reader DC 2015.6.30306 Adobe Acrobat Reader DC 2015.6.30060 Adobe Acrobat Reader DC 2015.006.30456 Adobe Acrobat Reader DC 2015.006.30094 Adobe Acrobat Reader 2017.11.30113 Adobe Acrobat Reader 2017.11.30110 Adobe Acrobat Reader 2017.11.30106 Adobe Acrobat Reader 2017.11.30105 Adobe Acrobat Reader 2017.11.30096 Adobe Acrobat Reader 2017.11.30080 Adobe Acrobat Reader 2017.11.30079 Adobe Acrobat Reader 2017.11.30078 Adobe Acrobat Reader 2017.11.30070 Adobe Acrobat Reader 2017.11.30068 Adobe Acrobat Reader 2017.11.30066 Adobe Acrobat Reader 2017.11.30059 Adobe Acrobat Reader 2017.8.30051 Adobe Acrobat DC 2019.10.20069 Adobe Acrobat DC 2019.10.20064 Adobe Acrobat DC 2015.6.30464 Adobe Acrobat DC 2015.6.30461 Adobe Acrobat DC 2015.6.30457 Adobe Acrobat DC 2015.6.30456 Adobe Acrobat DC 2015.6.30452 Adobe Acrobat DC 2015.6.30448 Adobe Acrobat DC 2015.6.30434 Adobe Acrobat DC 2015.6.30418 Adobe Acrobat DC 2015.6.30417 Adobe Acrobat DC 2015.6.30416 Adobe Acrobat DC 2015.6.30413 Adobe Acrobat DC 2015.6.30394 Adobe Acrobat DC 2015.6.30392 Adobe Acrobat DC 2015.6.30355 Adobe Acrobat DC 2015.6.30352 Adobe Acrobat DC 2015.6.30306 Adobe Acrobat DC 2015.006.30094 Adobe Acrobat DC 2015.006.30060 Adobe Acrobat DC 2015.006.30033 Adobe Acrobat 2017.11.30113 Adobe Acrobat 2017.11.30110 Adobe Acrobat 2017.11.30106 Adobe Acrobat 2017.11.30105 Adobe Acrobat 2017.11.30102 Adobe Acrobat 2017.11.30099 Adobe Acrobat 2017.11.30096 Adobe Acrobat 2017.11.30080 Adobe Acrobat 2017.11.30079 Adobe Acrobat 2017.11.30078 Adobe Acrobat 2017.11.30070 Adobe Acrobat 2017.11.30068 Adobe Acrobat 2017.11.30066 Adobe Acrobat 2017.11.30059 Adobe Acrobat 2017.8.30051 |
| Not Vulnerable: |
Adobe Acrobat Reader DC 2019.10.20091 Adobe Acrobat Reader DC 2017.11.30120 Adobe Acrobat Reader DC 2015.6.30475 Adobe Acrobat DC 2019.10.20091 Adobe Acrobat DC 2015.6.30475 Adobe Acrobat 2017.11.30120 |
Discussion
Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
Adobe Acrobat and Reader are prone to multiple arbitrary code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
These issues are fixed in:
Adobe Acrobat DC version 2019.010.20091
Adobe Acrobat Reader DC version 2019.010.20091
Adobe Acrobat version 2017.011.30120
Adobe Acrobat Reader DC version 2017.011.30120
Adobe Acrobat DC version 2015.006.30475
Adobe Acrobat Reader DC version 2015.006.30475
Adobe Acrobat and Reader are prone to multiple arbitrary code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
These issues are fixed in:
Adobe Acrobat DC version 2019.010.20091
Adobe Acrobat Reader DC version 2019.010.20091
Adobe Acrobat version 2017.011.30120
Adobe Acrobat Reader DC version 2017.011.30120
Adobe Acrobat DC version 2015.006.30475
Adobe Acrobat Reader DC version 2015.006.30475
Exploit / POC
Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Adobe Acrobat and Reader APSB19-07 Multiple Arbitrary Code Execution Vulnerabilities
References:
References: