CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-4990

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score55.1440%
EPSS Percentile90.43th
Published2018年7月9日
Last Modified2025年10月23日

Vulnerability Description

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Platforms (CPE)

📦
Adobe

Acrobat Dc

>= 15.006.30060 and <= 15.006.30417
📦
Adobe

Acrobat Dc

>= 15.008.20082 and <= 18.011.20038
📦
Adobe

Acrobat Dc

>= 17.011.30059 and <= 17.011.30079
📦
Adobe

Acrobat Reader Dc

>= 15.006.30060 and <= 15.006.30417
📦
Adobe

Acrobat Reader Dc

>= 15.008.20082 and <= 18.011.20038
📦
Adobe

Acrobat Reader Dc

>= 17.011.30059 and <= 17.011.30079

References & Advisories

🔗 http://www.securityfocus.com/bid/104167
🔗 http://www.securitytracker.com/id/1040920
🔗 https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
🔗 http://www.securityfocus.com/bid/104167
🔗 http://www.securitytracker.com/id/1040920
🔗 https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4990

関連する脆弱性情報

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...