Adobe Reader DC Remote Code Execution

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-064-001
Countries: IN, CN
Report Date: 20180226

A critical vulnerability has been identified in Adobe Acrobat Reader DC that allows attackers to execute code remotely on target machines and take control of a victim's computer.  It is a stack-based buffer overflow that allows execution of arbitrary code if a crafted document is opened.

Adobe Acrobat Reader is the most popular and most feature-rich PDF reader.  It has a large user base, is usually the default PDF reader on systems, and integrates into web browsers as a plugin for rendering PDFs.[1]

Impact

The vulnerability identified in CVE-2018-4901[2] allows attackers to remotely execute code and infect target PCs.  An attacker will send a crafted malicious document via email, or trick a user into visiting a malicious web page, so that the user opens the malicious document and triggers the vulnerability.

The Adobe Acrobat Reader DC application supports JavaScript embedded within a PDF document, which allows the document to work as a PDF form.  An attacker could easily abuse this vulnerability and use it as an additional attack surface.  The following versions are affected:

| Product                              | Affected Versions                   | Platform              |
|--------------------------------------|-------------------------------------|-----------------------|
| Acrobat DC (Continuous Track)        | 2018.009.20050 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC (Continuous Track) | 2018.009.20050 and earlier versions | Windows and Macintosh |
| Acrobat 2017                         | 2017.011.30070 and earlier versions | Windows and Macintosh |
| Acrobat Reader 2017                  | 2017.011.30070 and earlier versions | Windows and Macintosh |
| Acrobat DC (Classic Track)           | 2015.006.30394 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC (Classic Track)    | 2015.006.30394 and earlier versions | Windows and Macintosh |

Mitigation and Prevention Strategies

Adobe has published an advisory regarding this vulnerability at https://helpx.adobe.com/security/products/acrobat/apsb18-02.html. Our members are encouraged to update Acrobat Reader at the earliest possible time, and to always download the latest software updates only from trusted sites.
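
One way to check an asset inventory against the affected-version table in this report, as an added example that is not part of the original report or Adobe's advisory. The `host,product,version` record format, the two-digit-year normalization, and the sample records are assumptions; the thresholds are the ones listed above.

```python
import re

# Last affected build per product, copied from the table in this report.
LAST_AFFECTED = {
    "Acrobat DC (Continuous Track)": "2018.009.20050",
    "Acrobat Reader DC (Continuous Track)": "2018.009.20050",
    "Acrobat 2017": "2017.011.30070",
    "Acrobat Reader 2017": "2017.011.30070",
    "Acrobat DC (Classic Track)": "2015.006.30394",
    "Acrobat Reader DC (Classic Track)": "2015.006.30394",
}

def parse_version(text):
    """Return (year, release, build) as ints; raise ValueError if malformed."""
    m = re.fullmatch(r"(\d{2}|\d{4})\.(\d{1,3})\.(\d{1,5})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    year, release, build = (int(g) for g in m.groups())
    # Assumption: some inventory tools report a two-digit year (18.009.20050).
    return (year + 2000 if year < 100 else year, release, build)

def classify(product, version):
    """Return 'affected', 'not affected', or 'unknown' (needs manual review)."""
    limit = LAST_AFFECTED.get(product.strip())
    if limit is None:
        return "unknown"  # product/track is not in the report's table
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # never treat unparsable data as safe
    return "affected" if installed <= parse_version(limit) else "not affected"

def audit(csv_lines):
    """Classify 'host,product,version' records (hypothetical export format)."""
    results = []
    for line in csv_lines:
        host, product, version = (f.strip() for f in line.split(",", 2))
        results.append((host, product, version, classify(product, version)))
    return results

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    "ws-001,Acrobat Reader DC (Continuous Track),18.009.20050",
    "ws-002,Acrobat Reader DC (Continuous Track),2018.099.00001",
    "ws-003,Acrobat 2017,2017.011.30066",
    "ws-004,Acrobat Reader DC (Classic Track),15.006.30394",
    "ws-005,Acrobat Reader DC,unknown",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:8} {:40} {:16} {}".format(*row))
```

A result of "not affected" only means the build is newer than the last affected build listed in this report for CVE-2018-4901; records marked "unknown" need the track confirmed by hand.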

For questions or comments regarding this report, please contact the lab directly at 603-606-1246, or feedback@wapacklabs.com

 

[1] https://get.adobe.com/reader/

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4901
