TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: II
Serial: TR-18-064-001
Countries: IN, CN
Report Date: 20180226
Adobe Reader DC Remote Code Execution
A critical vulnerability has been identified in Adobe Acrobat Reader DC that allows attackers to execute code remotely on target machines and take control of a victim’s computer. It is a stack-based buffer overflow that allows execution of arbitrary code if a specially crafted document is opened.
Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a large user base and is usually the default PDF reader on systems, where it integrates into web browsers as a plugin for rendering PDFs.[1]
Impact
The vulnerability identified in CVE-2018-4901[2] allows attackers to remotely execute code and infect target PCs. An attacker will send a crafted malicious document via email, or trick a user into visiting a malicious web page, in order to make the user open the malicious document and trigger the vulnerability.
The Adobe Acrobat Reader DC application supports JavaScript embedded within a PDF document, which allows the document to work as a PDF form. This vulnerability could easily be abused by an attacker as an additional attack surface. The following are the affected versions:
Product | Affected Versions | Platform
Acrobat DC (Continuous Track) | 2018.009.20050 and earlier versions | Windows and Macintosh
Acrobat Reader DC (Continuous Track) | 2018.009.20050 and earlier versions | Windows and Macintosh
Acrobat 2017 | 2017.011.30070 and earlier versions | Windows and Macintosh
Acrobat Reader 2017 | 2017.011.30070 and earlier versions | Windows and Macintosh
Acrobat DC (Classic Track) | 2015.006.30394 and earlier versions | Windows and Macintosh
Acrobat Reader DC (Classic Track) | 2015.006.30394 and earlier versions | Windows and Macintosh
Mitigation and Prevention Strategies
Adobe has published an advisory regarding this vulnerability at https://helpx.adobe.com/security/products/acrobat/apsb18-02.html. Our members are encouraged to update Acrobat Reader at the earliest possible time, and to always download the latest software updates only from trusted sites.
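To help prioritize the update, the following added example (not part of the original report or of any Adobe tooling) checks installed version strings against the affected-versions table above. It assumes that inventories may report a two-digit year and that a build number starting with 2 is the Continuous track and one starting with 3 a Classic-style track; the hostnames and versions in the inventory are constructed.

```python
import re

# Last affected build per track, copied from the table in this report.
LAST_AFFECTED = {
    "continuous": (2018, 9, 20050),
    "acrobat-2017": (2017, 11, 30070),
    "classic-2015": (2015, 6, 30394),
}
VERSION_RE = re.compile(r"^\s*(\d{2}|\d{4})\.(\d{3})\.(\d{5})\s*$")

def parse_version(text):
    """Return (year, release, build), or None if the string has another shape."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    year, release, build = (int(g) for g in m.groups())
    if year < 100:  # assumption: some inventories report "18.009.20050"
        year += 2000
    return year, release, build

def track_of(version):
    """Assumption (not from the report): 2xxxx builds are Continuous, 3xxxx Classic-style."""
    year, _, build = version
    if build // 10000 == 2:
        return "continuous"
    if build // 10000 == 3 and year == 2017:
        return "acrobat-2017"
    if build // 10000 == 3 and year == 2015:
        return "classic-2015"
    return None

def status(text):
    """Classify one version string against the table; unknown means check by hand."""
    version = parse_version(text)
    track = track_of(version) if version else None
    if track is None:
        return "unknown"
    return "affected" if version <= LAST_AFFECTED[track] else "not listed"

# Constructed sample inventory: hostnames and versions are made up for the example.
INVENTORY = {
    "ws-01": "18.009.20050",    # equal to the last affected Continuous build
    "ws-02": "2017.012.20098",  # 2017-dated Continuous build, still below the threshold
    "ws-03": "17.011.30078",    # Acrobat 2017 build above the listed threshold
    "ws-04": "2015.006.30394",  # equal to the last affected Classic build
    "ws-05": "11.0.23",         # not in the table's version scheme
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host}\t{ver}\t{status(ver)}")
```

Matching on the year alone would compare ws-02 against the Acrobat 2017 threshold and miss it, which is why the track is taken from the build number.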
For questions or comments regarding this report, please contact the lab directly at 603-606-1246, or feedback@wapacklabs.com
[1] https://get.adobe.com/reader/
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4901