CVE-2018-16042 : Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.

Published 2019-01-18 17:29:31

Updated 2021-01-14 20:30:19

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2018-16042

Adobe » Reader » Version: 11.0.10
cpe:2.3:a:adobe:reader:11.0.10:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Reader » Version: 11.0.23
cpe:2.3:a:adobe:reader:11.0.23:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30457
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 17.011.30056 and up to, including, (<=) 17.011.30105
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 19.008.20080
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30456
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 19.008.20081
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Classic Edition
Versions from including (>=) 17.011.30056 and up to, including, (<=) 17.011.30106
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 19.008.20080
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 17.011.30059 and up to, including, (<=) 17.011.30106
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 17.011.30059 and up to, including, (<=) 17.011.30105
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30456
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 19.008.20081
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Classic Edition
Versions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30457
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Iskysoft » Pdf Editor 6 » Version: 6.4.2.3521 Professional Edition
cpe:2.3:a:iskysoft:pdf_editor_6:6.4.2.3521:*:*:*:professional:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Iskysoft » Pdf Editor 6 » Version: 6.6.2.3315 Professional Edition
cpe:2.3:a:iskysoft:pdf_editor_6:6.6.2.3315:*:*:*:professional:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Iskysoft » Pdf Editor 6 » Version: 6.7.6.3399 Professional Edition
cpe:2.3:a:iskysoft:pdf_editor_6:6.7.6.3399:*:*:*:professional:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Iskysoft » Pdfelement6 » Version: 6.8.0.3523 Professional Edition
cpe:2.3:a:iskysoft:pdfelement6:6.8.0.3523:*:*:*:professional:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Iskysoft » Pdfelement6 » Version: 6.8.4.3921 Professional Edition
cpe:2.3:a:iskysoft:pdfelement6:6.8.4.3921:*:*:*:professional:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Iskysoft » Pdfelement6 » Version: 6.7.1.3355 Professional Edition
cpe:2.3:a:iskysoft:pdfelement6:6.7.1.3355:*:*:*:professional:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Iskysoft » Pdfelement6 » Version: 6.7.6.3399 Professional Edition
cpe:2.3:a:iskysoft:pdfelement6:6.7.6.3399:*:*:*:professional:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-16042

EPSS FAQ

23.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-16042

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2018-16042

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-16042

https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/

Recently identified PDF digital signature vulnerabilities – PDF Association
Third Party Advisory

CVEs referencing this url
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
https://pdf-insecurity.org/signature/signature.html

PDF Insecurity Website
Third Party Advisory

CVEs referencing this url
https://pdf-insecurity.org/signature/evaluation_2018.html

PDF Insecurity Website
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/106159

Adobe Acrobat and Reader CVE-2018-16042 Security Bypass Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-16042

Products affected by CVE-2018-16042

Exploit prediction scoring system (EPSS) score for CVE-2018-16042

CVSS scores for CVE-2018-16042

CWE ids for CVE-2018-16042

References for CVE-2018-16042