• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware
January 4, 2019
Rewterz Threat Alert – Major US-based bank employees phished with Custom Web Fonts meant to Evade Detection
January 7, 2019

Rewterz Threat Advisory – CVE-2018-19725 & CVE-2018-16011 Adobe Reader / Acrobat Multiple Vulnerabilities

January 4, 2019

SEVERITY: Medium

 

 

CATEGORY: Vulnerability

 

 

ANALYSIS SUMMARY

 

 

Adobe Reader and Adobe Acrobat are vulnerable to multiple flaws which when exploited by people with malicious intent may lead to bypassing of certain security restrictions and compromising a vulnerable system.

1) A use-after-free error can be exploited to corrupt memory and subsequently execute arbitrary code.

2) An unspecified error can be exploited to gain otherwise restricted privileges.

 

 

Impact

 

System Access, Security bypass, code execution

 

Affected Products

  • Acrobat DC versions 2019.010.20064 and prior running on Windows and macOS
  • Acrobat Reader DC versions 2019.010.20064 and prior running on Windows and macOS
  • Acrobat 2017 versions 2017.011.30110 and prior running on Windows and macOS
  • Acrobat Reader DC 2017 versions 2017.011.30110 and prior running on Windows and macOS
  • Acrobat DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and and macOS
  • Acrobat Reader DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and macOS

 

 

Remediation

 

Update to a fixed version if available.

  • Acrobat DC / Acrobat Reader DC 2019 running on Windows and macOS:

Update to version 2019.010.20069.

 

  • Acrobat 2017 / Acrobat Reader DC 2017 running on Windows and macOS:

Update to version 2017.011.30113.

 

  • Acrobat DC / Acrobat Reader DC (Classic 2015) running on Windows and macOS:

Update to version 2015.006.30464.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.