CVE-2018-12802 : Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.

Published 2018-07-20 19:29:02

Updated 2019-10-03 00:03:26

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Gain privilege

Exploit prediction scoring system (EPSS) score for CVE-2018-12802

Probability of exploitation activity in the next 30 days: 0.67%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-12802

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-12802

https://helpx.adobe.com/security/products/acrobat/apsb18-21.html

Adobe Security Bulletin
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041250

Adobe Acrobat/Reader Multiple Bugs Let Remote Users Bypass Security, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/104704

Adobe Acrobat and Reader CVE-2018-12802 Security Bypass Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2018-12802

Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 17.011.30059 and up to, including, (<=) 17.011.30080
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30418
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 18.011.20040
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 17.011.30059 and up to, including, (<=) 17.011.30080
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30418
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 18.011.20040
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Vulnerability Details : CVE-2018-12802

Exploit prediction scoring system (EPSS) score for CVE-2018-12802

CVSS scores for CVE-2018-12802

References for CVE-2018-12802

Products affected by CVE-2018-12802