CVE-2018-4993

HIGH

Adobe Acrobat DC < 15.006.30417, 15.008.20082-18.011.20038 - NTLM SSO Hash Theft

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4993. PoCs published by Assaf Baharav, Yaron Fruchtmann, Ido Solomon, Richard Davy - secureyourit.co.uk, including Metasploit module auxiliary/fileformat/badpdf.

AI-analyzed exploit summary This Metasploit module generates or injects a malicious PDF that triggers a UNC path request to capture NetNTLM credentials via SMB/WebDAV. It either creates a new PDF or modifies an existing one to include a UNC link pointing to an attacker-controlled host.

Description

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.

Exploits (1)

metasploit WORKING POC
by Assaf Baharav, Yaron Fruchtmann, Ido Solomon, Richard Davy - secureyourit.co.uk · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fileformat/badpdf.rb

This Metasploit module generates or injects a malicious PDF that triggers a UNC path request to capture NetNTLM credentials via SMB/WebDAV. It either creates a new PDF or modifies an existing one to include a UNC link pointing to an attacker-controlled host.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PDF readers (e.g., Adobe Acrobat, Foxit Reader)
No auth needed
Prerequisites: Attacker-controlled SMB/WebDAV server · Victim interaction to open the PDF
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040920
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104177

Scores

CVSS v3 7.5
EPSS 0.8690
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (4)
adobe/acrobat_dc 15.006.30060 - 15.006.30417
adobe/acrobat_dc 15.008.20082 - 18.011.20038
adobe/acrobat_reader_dc 15.006.30060 - 15.006.30417
adobe/acrobat_reader_dc 15.008.20082 - 18.011.20038
Published Jul 09, 2018
Tracked Since Feb 18, 2026