Adobe Acrobat OCG setIntent Integer Overflow
TSL ID: TSL20180214-06
CVE ID(s): CVE-2018-4910
Severity: High
Description

An integer overflow vulnerability has been reported in Adobe Acrobat. The vulnerability is due to improper validation of the setIntent method argument.

A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or document. Successful exploitation could lead to arbitrary code execution in the context of the currently logged-on user.

The vendor, Adobe, has released the following advisory regarding this vulnerability:

https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

Affected Products
  • Adobe Systems Acrobat 2017 2017.011.30070 and earlier versions
  • Adobe Systems Acrobat DC (Classic) 2015.006.30394 and earlier versions
  • Adobe Systems Acrobat DC (Continuous) 2018.009.20050 and earlier versions
CVSS Score
Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
ZDI
References https://helpx.adobe.com/security/products/acrobat/apsb18-02.html