{"id":86281,"date":"2018-05-16T18:40:48","date_gmt":"2018-05-16T13:10:48","guid":{"rendered":"https:\/\/blogs_admin.quickheal.com\/?p=86281"},"modified":"2018-05-16T18:40:48","modified_gmt":"2018-05-16T13:10:48","slug":"cve-2018-4990-adobe-reader-double-free-zero-day-vulnerability-alert","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/cve-2018-4990-adobe-reader-double-free-zero-day-vulnerability-alert\/","title":{"rendered":"CVE-2018-4990 \u2013 Adobe Reader Double Free (Zero Day) vulnerability alert!"},"content":{"rendered":"<p>The recent zero-day vulnerability <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-4990\">CVE-2018-4990<\/a> in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory <a href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb18-09.html\">APSB18-09<\/a> on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users.<\/p>\n<p><strong>Vulnerable versions<\/strong><\/p>\n<ul>\n<li>Acrobat DC 2018.011.20038 and earlier versions<\/li>\n<li>Acrobat Reader DC 2018.011.20038 and earlier versions<\/li>\n<li>Acrobat 2017 2017.011.30079 and earlier versions<\/li>\n<li>Acrobat Reader 2017 2017.011.30079 and earlier versions<\/li>\n<li>Acrobat DC 2015.006.30417 and earlier versions<\/li>\n<li>Acrobat Reader DC 2015.006.30417 and earlier versions<\/li>\n<\/ul>\n<p><strong>About the vulnerability<\/strong><\/p>\n<p>This is a Double free vulnerability in Adobe Reader which allows attackers to perform a Remote Code Execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.<\/p>\n<p>The vulnerability is currently being exploited in the wild through a malicious PDF (Portable Document Format) file. The PDF sample embeds a JavaScript code which manipulates Button1 object. This object contains a crafted JPEG2000 image, which triggers the double-free vulnerability in Adobe Reader.<\/p>\n<p><strong>Quick Heal detection<\/strong><\/p>\n<p>Quick Heal has released the following detection for the vulnerability <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-4990\">CVE-2018-4990<\/a>.<\/p>\n<ul>\n<li>Exp.PDF.CVE-2018-4990<\/li>\n<\/ul>\n<p>Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them.<\/p>\n<p><strong>References <\/strong><\/p>\n<p><a href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb18-09.html\">https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb18-09.html<\/a> <a href=\"https:\/\/www.welivesecurity.com\/2018\/05\/15\/tale-two-zero-days\/\">https:\/\/www.welivesecurity.com\/2018\/05\/15\/tale-two-zero-days\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable versions Acrobat DC 2018.011.20038 and earlier [&hellip;]<\/p>\n","protected":false},"author":42,"featured_media":85415,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70,24,75,1395],"tags":[1605,1604,247,1606,1603,718],"class_list":["post-86281","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-adobe","category-malware","category-microsoft-windows","category-vulnerability","tag-adobe-reader","tag-heapspray","tag-javascript","tag-pdf","tag-rop","tag-zero-day"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86281"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=86281"}],"version-history":[{"count":3,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86281\/revisions"}],"predecessor-version":[{"id":86287,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86281\/revisions\/86287"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/85415"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=86281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=86281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=86281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}