{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2018-021.pdf" }, "title": "Critical Vulnerabilities in Adobe Acrobat and Reader", "serial_number": "2018-021", "publish_date": "16-08-2018 14:35:00", "description": "On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and be used in a phishing campaign. No exploit has been observed yet in the wild.", "url_title": "2018-021", "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Adobe\u00a0Acrobat\u00a0and\u00a0Reader'\nversion: '1.0'\nnumber: '2018-021'\ndate: 'August 16, 2018'\n---\n\n_History:_\n\n* _16/08/2018 --- v1.0: Initial publication_\n\n# Summary\n\nOn 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and be used in a phishing campaign. No exploit has been observed yet in the wild.\n\n# Technical Details\n\nThe two vulnerabilities received CVEs:\n\n - CVE-2018-12799: Untrusted pointer dereference\n - CVE-2018-12808: Out-of-bounds write\n\nThe technical details for the two vulnerabilities were not disclosed.\n\n# Products Affected\n\nThe following products are affected.\n\nAcrobat DC on Windows and MacOS:\n\n - 2018.011.20055 and earlier versions for the continuous track\n - 2017.011.30096 and earlier versions for the classic 2017 track\n - 2015.006.30434 and earlier versions for the classic 2015 track\n\n Acrobat Reader DC on Windows and MacOS:\n\n - 2018.011.20055 and earlier versions for the continuous track\n - 2017.011.30096 and earlier versions for the classic 2017 track\n - 2015.006.30434 and earlier versions for the classic 2015 track\n\n# Recommendations\n\nUpdate Acrobat and Acrobat Reader to one of the following versions:\n\n - 2018.011.20058\n - 2017.011.30099\n - 2015.006.30448\n\n# References\n\n[1] \n", "content_html": "

History:

Summary

On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and be used in a phishing campaign. No exploit has been observed yet in the wild.

Technical Details

The two vulnerabilities received CVEs:

The technical details for the two vulnerabilities were not disclosed.

Products Affected

The following products are affected.

Acrobat DC on Windows and MacOS:

Recommendations

Update Acrobat and Acrobat Reader to one of the following versions:

References

[1] https://helpx.adobe.com/security/products/acrobat/apsb18-29.html

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }