CVE-2018-4872 - Vulnerability Details - OpenCVE

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat Acrobat Dc Acrobat Reader Acrobat Reader Dc

Configuration 1 [-]

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102993
http://www.securitytracker.com/id/1040364
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2018-02-27T05:00:00

Updated: 2024-08-05T05:18:26.807Z

Reserved: 2018-01-03T00:00:00

Link: CVE-2018-4872

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-27T05:29:00.220

Modified: 2024-11-21T04:07:37.073

Link: CVE-2018-4872

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "vendor": "n/a", "versions": [{"status": "affected", "version": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"}]}], "datePublic": "2018-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled."}], "problemTypes": [{"descriptions": [{"description": "Security bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-27T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"name": "102993", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102993"}, {"name": "1040364", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040364"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4872", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "version": {"version_data": [{"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security bypass"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"name": "102993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102993"}, {"name": "1040364", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040364"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:18:26.807Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"name": "102993", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102993"}, {"name": "1040364", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040364"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4872", "datePublished": "2018-02-27T05:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:26.807Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AA5E332-A7C9-40EE-AA1D-ECD20C6AC948", "versionEndIncluding": "17.011.30070", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "5561E635-D92E-4598-9D10-2FB1F7B3AD82", "versionEndIncluding": "18.009.20050", "versionStartIncluding": "-", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "665540E1-CF26-4390-BC76-5FEF40E7DB9F", "versionEndIncluding": "15.006.30394", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E402EC4-3717-4634-90E9-BDE1C76FAB5E", "versionEndIncluding": "17.011.30070", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "381AB5FE-10AE-4B06-9CAD-0614295928BA", "versionEndIncluding": "18.009.20050", "versionStartIncluding": "-", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "68EEAB61-2409-432D-B10F-0B59FC4EB1E1", "versionEndIncluding": "15.006.30394", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled."}, {"lang": "es", "value": "Se ha descubierto un problema en Adobe Acrobat Reader 2018.009.20050 y anteriores, 2017.011.30070 y anteriores y 2015.006.30394 y anteriores. La vulnerabilidad es una omisi\u00f3n de seguridad que conduce a un escape de sandbox. Espec\u00edficamente, la vulnerabilidad existe en la forma en la que se gestiona la llamada."}], "id": "CVE-2018-4872", "lastModified": "2024-11-21T04:07:37.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-27T05:29:00.220", "references": [{"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102993"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040364"}, {"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}