CVE-2018-4990 – Adobe Reader Double Free (Zero Day) vulnerability alert!

Credit to Author: Prashant Kadam | Date: Wed, 16 May 2018 13:10:48 +0000

The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform remote code execution on targeted machines. Adobe released security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-the-wild attack is targeted and impacts a limited number of Windows users.

Vulnerable versions

- Acrobat DC 2018.011.20038 and earlier versions
- Acrobat Reader DC 2018.011.20038 and earlier versions
- Acrobat 2017 2017.011.30079 and earlier versions
- Acrobat Reader 2017 2017.011.30079 and earlier versions
- Acrobat DC 2015.006.30417 and earlier versions
- Acrobat Reader DC 2015.006.30417 and earlier versions

About the vulnerability

This is a double-free vulnerability in Adobe Reader that allows attackers to perform remote code execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.

The vulnerability is currently being exploited in the wild through a malicious PDF (Portable Document Format) file. The PDF sample embeds JavaScript code that manipulates a Button1 object. This object contains a crafted JPEG2000 image, which triggers the double-free vulnerability in Adobe Reader.

Quick Heal detection

Quick Heal has released the following detection for the vulnerability CVE-2018-4990:

Exp.PDF.CVE-2018-4990

Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.

References

https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
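The delivery described under "About the vulnerability" (a PDF carrying JavaScript together with a JPEG2000 image) can be used as a coarse triage heuristic for inbound attachments. The following Python script is an added example, not part of the original post and not Quick Heal's detection logic; the verdict labels and the sample byte strings are constructed for illustration, and a "review" result means only that the combination is present, not that the file is malicious.

```python
import re

# Constructed samples (not real malware): only the PDF names matter here.
SAMPLE_SUSPECT = (
    b"%PDF-1.7\n1 0 obj << /AcroForm 2 0 R /OpenAction << /S /JavaScript "
    b"/J#53 () >> >> endobj\n"
    b"3 0 obj << /Subtype /Image /Filter /JPXDecode /Length 0 >>\n"
    b"stream\nendstream endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
SAMPLE_PACKED = b"%PDF-1.5\n1 0 obj << /Type /ObjStm /N 3 /First 20 >> endobj\n"

# Name tokens tied to the delivery described above: script plus JPEG2000 image.
INDICATORS = {
    "javascript": (b"/JS", b"/JavaScript"),
    "acroform": (b"/AcroForm",),
    "jpeg2000": (b"/JPXDecode",),   # PDF filter name for JPEG2000 streams
    "object_streams": (b"/ObjStm",),
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _normalize(data: bytes) -> bytes:
    """Undo #xx escapes so an obfuscated name like /J#53 reads as /JS."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _has_name(data: bytes, name: bytes) -> bool:
    # Require a delimiter after the name so /JS does not match /JSFoo.
    return re.search(re.escape(name) + rb"(?![A-Za-z0-9_.\-])", data) is not None


def triage_pdf(data: bytes) -> dict:
    """Classify a file as not-pdf, review, inconclusive or no-match."""
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "not-pdf", "findings": {}}
    norm = _normalize(data)
    found = {k: any(_has_name(norm, n) for n in v) for k, v in INDICATORS.items()}
    if found["javascript"] and found["jpeg2000"]:
        verdict = "review"        # script and JPEG2000 image in one document
    elif found["object_streams"]:
        verdict = "inconclusive"  # names may sit inside compressed object streams
    else:
        verdict = "no-match"
    return {"verdict": verdict, "findings": found}


if __name__ == "__main__":
    for label, blob in [("suspect", SAMPLE_SUSPECT), ("plain", SAMPLE_PLAIN),
                        ("packed", SAMPLE_PACKED)]:
        print(label, triage_pdf(blob))
```

A raw byte scan cannot see names stored inside compressed object streams, which is why such files are reported as inconclusive rather than clean; patching to the versions fixed in APSB18-09 remains the actual mitigation.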