The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to     arbitrary code execution in the context of the current user. (CVE-2018-4990)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to     arbitrary code execution in the context of the current user. (CVE-2018-4947, CVE-2018-4948, CVE-2018-4966,     CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to     arbitrary code execution in the context of the current user. (CVE-2018-4952, CVE-2018-4954, CVE-2018-4958,     CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983,     CVE-2018-4988, CVE-2018-4989, CVE-2018-4996)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and     earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code     execution in the context of the current user. (CVE-2018-12815)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead     to arbitrary code execution in the context of the current user. (CVE-2018-4950)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to     information disclosure. (CVE-2018-4979)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to     information disclosure. (CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957,     CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970,     CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4985, CVE-2018-4986)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to     arbitrary code execution in the context of the current user. (CVE-2018-4953)

  - Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and     earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code     execution in the context of the current user. (CVE-2018-12812)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation     could lead to arbitrary code execution in the context of the current user. (CVE-2018-4987)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to     information disclosure. (CVE-2018-4965)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead     to information disclosure. (CVE-2018-4993)

  - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and     2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could     lead to a security bypass. (CVE-2018-4995)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09)

critical Nessus Plugin ID 109895

No changelogs found