CVE-2018-4879

CRITICAL

Adobe Acrobat < 17.011.30070 - Out-of-Bounds Write

Title source: rule

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Exploits (1)

nomisec WORKING POC

by H3llozy · poc

https://github.com/H3llozy/CVE-2018-4879

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102994

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040364

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

Scores

CVSS v3 9.8

EPSS 0.3028

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (6)

adobe/acrobat 17.0 - 17.011.30070

adobe/acrobat_dc - - 18.009.20050

adobe/acrobat_dc 15.0 - 15.006.30394

adobe/acrobat_reader 17.0 - 17.011.30070

adobe/acrobat_reader_dc - - 18.009.20050

adobe/acrobat_reader_dc 15.0 - 15.006.30394

Published Feb 27, 2018

Tracked Since Feb 18, 2026