Adobe releases the security updates that covers 86 Vulnerabilities, out of them 47 categorized as critical and 37 classified as important.
The released security updates are for Adobe Acrobat and Reader for Windows and MacOS, these vulnerabilities could lead to arbitrary code execution in the context of the current user.
The vulnerabilities affect the following Acrobat DC and Acrobat Reader DC versions.
Acrobat DC 2018.011.20063
Acrobat Reader DC 2018.011.20063
Acrobat 2017 2017.011.30102
Acrobat Reader 2017 2017.011.30102
Acrobat DC 2015.006.30452
Acrobat Reader DC 2015.006.30452
Updated Version
Acrobat DC 2019.008.20071
Acrobat Reader DC 2019.008.20071
Acrobat 2017 2017.011.30105
Acrobat Reader DC 2017.011.30105
Acrobat DC 2015.006.30456
Acrobat Reader DC 2015.006.30456
86 Vulnerabilities
Out-of-bounds Read & Write
The Out-of-bounds read vulnerability allows an attacker to read the sensitive information from other location and he Out-of-bounds write vulnerability allows an attacker to execute arbitrary code with user interaction on vulnerable systems.
CVE- Write
CVE-2018-15955, CVE-2018-15954, CVE-2018-15952, CVE-2018-15945, CVE-2018-15944, CVE-2018-15941, CVE-2018-15940, CVE-2018-15939, CVE-2018-15938, CVE-2018-15936, CVE-2018-15935, CVE-2018-15934, CVE-2018-15933, CVE-2018-15929, CVE-2018-15928, CVE-2018-12868, CVE-2018-12865, CVE-2018-12864, CVE-2018-12862, CVE-2018-12861, CVE-2018-12860, CVE-2018-12759
CVE – Read
CVE-2018-15956, CVE-2018-15953, CVE-2018-15950, CVE-2018-15949, CVE-2018-15948, CVE-2018-15947, CVE-2018-15946, CVE-2018-15943, CVE-2018-15942, CVE-2018-15932, CVE-2018-15927, CVE-2018-15926, CVE-2018-15925, CVE-2018-15923, CVE-2018-15922, CVE-2018-12880, CVE-2018-12879, CVE-2018-12878, CVE-2018-12875, CVE-2018-12874, CVE-2018-12873, CVE-2018-12872, CVE-2018-12871, CVE-2018-12870, CVE-2018-12869, CVE-2018-12867, CVE-2018-12866, CVE-2018-12859, CVE-2018-12857, CVE-2018-12856, CVE-2018-12845, CVE-2018-12844, CVE-2018-12843, CVE-2018-12839, CVE-2018-12834, CVE-2018-15968
Heap Overflow
An attacker may use heap overflow to insert arbitrary code into the memory of a program.
CVE-2018-12851, CVE-2018-12847, CVE-2018-12846, CVE-2018-12837, CVE-2018-12836, CVE-2018-12833, CVE-2018-12832
Use After Free
Use After Free flaw allows an attacker to execute arbitrary code on the vulnerable machine.
CVE-2018-15924, CVE-2018-15920, CVE-2018-12877, CVE-2018-12863, CVE-2018-12852, CVE-2018-12831, CVE-2018-12769
Type Confusion
The Type Confusion flaw could lead to an Arbitrary Code Execution.
CVE-2018-12876, CVE-2018-12858, CVE-2018-12835
Stack Overflow
Stack Overflow vulnerability allows attackers to run malicious with escalated privileges on the vulnerable program.
CVE-2018-12838
Double Free
The double Free flaw occurs because of memory freezing, it results in Arbitrary Code Execution.
CVE-2018-12841
Integer Overflow
The condition results as a result of arithmetic operation lead to an information disclosure.
CVE-2018-12881, CVE-2018-12842
Buffer Errors
The vulnerability occurs because of improper input validation.
CVE-2018-15951, CVE-2018-12855, CVE-2018-12853
Untrusted Pointer Dereference
The attack might allow modification of critical program state variables, cause a crash, or execute code.
CVE-2018-15937, CVE-2018-15931, CVE-2018-15930
Security Bypass
Exploiting the vulnerability could allow attackers to gain access to the restricted source.
CVE-2018-15966
Related Read
Adobe Releases Critical Security Updates for Acrobat and Acrobat Reader
Adobe Released August Patch Covering 11 Vulnerabilities That Affects Multiple Popular Adobe Products