Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware
January 4, 2019Rewterz Threat Alert – Major US-based bank employees phished with Custom Web Fonts meant to Evade Detection
January 7, 2019SEVERITY: Medium
CATEGORY: Vulnerability
ANALYSIS SUMMARY
Adobe Reader and Adobe Acrobat are vulnerable to multiple flaws which when exploited by people with malicious intent may lead to bypassing of certain security restrictions and compromising a vulnerable system.
1) A use-after-free error can be exploited to corrupt memory and subsequently execute arbitrary code.
2) An unspecified error can be exploited to gain otherwise restricted privileges.
Impact
System Access, Security bypass, code execution
Affected Products
- Acrobat DC versions 2019.010.20064 and prior running on Windows and macOS
- Acrobat Reader DC versions 2019.010.20064 and prior running on Windows and macOS
- Acrobat 2017 versions 2017.011.30110 and prior running on Windows and macOS
- Acrobat Reader DC 2017 versions 2017.011.30110 and prior running on Windows and macOS
- Acrobat DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and and macOS
- Acrobat Reader DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and macOS
Remediation
Update to a fixed version if available.
- Acrobat DC / Acrobat Reader DC 2019 running on Windows and macOS:
Update to version 2019.010.20069.
- Acrobat 2017 / Acrobat Reader DC 2017 running on Windows and macOS:
Update to version 2017.011.30113.
- Acrobat DC / Acrobat Reader DC (Classic 2015) running on Windows and macOS:
Update to version 2015.006.30464.