CVE-2018-4993

HIGH

Adobe Acrobat DC < 15.006.30417 - Information Disclosure

Title source: rule

Description

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.

Exploits (1)

metasploit WORKING POC

by Assaf Baharav, Yaron Fruchtmann, Ido Solomon, Richard Davy - secureyourit.co.uk · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fileformat/badpdf.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104177

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040920

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb18-09.html

Scores

CVSS v3 7.5

EPSS 0.6826

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (4)

adobe/acrobat_dc 15.006.30060 - 15.006.30417

adobe/acrobat_dc 15.008.20082 - 18.011.20038

adobe/acrobat_reader_dc 15.006.30060 - 15.006.30417

adobe/acrobat_reader_dc 15.008.20082 - 18.011.20038

Published Jul 09, 2018

Tracked Since Feb 18, 2026