Korean
<< Back
VID 50215
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30461, 2017.011.30110, or 2019.010.20064. It is, therefore, affected by multiple vulnerabilities :

- An unspecified use after free vulnerability. An authenticated, local attacker can exploit this to execute arbitrary code. (CVE-2018-16011)

- An unspecified elevation of privilege vulnerability. An authenticated, local attacker can exploit this to gain elevated privileges. (CVE-2018-16018)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html

* Platforms Affected:
Adobe Reader versions prior to 2015.006.30461
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Reader (2015.006.30464 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Related URL CVE-2018-16011,CVE-2018-16018 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)