CVE-2018-12808

Published Aug 29, 2018

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF84CBD-20E9-4DCA-9C7B-7CE619548736",
            "versionEndIncluding": "15.006.30434",
            "versionStartIncluding": "15.006.30060"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8DA0E5-56DF-48AC-AF4B-2F78494B005A",
            "versionEndIncluding": "18.011.20055",
            "versionStartIncluding": "15.008.20082"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "066B781E-D08B-4EEE-8005-FE4ADD9FE72A",
            "versionEndIncluding": "17.011.30096",
            "versionStartIncluding": "17.011.30059"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39E7620C-39E0-47E5-9B01-6EC9911DFAE6",
            "versionEndIncluding": "15.006.30434",
            "versionStartIncluding": "15.006.30060"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01C78DEB-77E5-41FF-A607-0EF28E499557",
            "versionEndIncluding": "18.011.20055",
            "versionStartIncluding": "15.008.20082"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE21273B-0260-48E3-982A-49F7B417AA67",
            "versionEndIncluding": "17.011.30096",
            "versionStartIncluding": "17.011.30059"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References