Zscaler Security Advisories

Security Advisory - September 19, 2018

Zscaler protects against 29 new vulnerabilities for Adobe Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 29 vulnerabilities included in the September 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary.

APSB18-34 – Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows, macOS, Linux and Chrome OS. These updates address important vulnerabilities in Adobe Acrobat Reader. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Severity: Important

Affected Software

  • Acrobat DC Continuous 2018.011.20058 and earlier versions for Windows and macOS
  • Acrobat Reader DC Continuous 2018.011.20058 and earlier versions for Windows and macOS
  • Acrobat 2017 Classic 2017 2017.011.30099 and earlier versions for Windows and macOS
  • Acrobat Reader 2017 Classic 2017 2017.011.30099 and earlier versions for Windows and macOS
  • Acrobat DC Classic 2015 2015.006.30448 and earlier versions for Windows and macOS
  • Acrobat Reader DC Classic 2015 2015.006.30448 and earlier versions for Windows and macOS

CVE-2018-12775 – Adobe Acrobat Reader Out-of-Bounds Write Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the HTML to PDF conversion. A malformed HTML input related to style raster representation leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12778 – Adobe Acrobat Reader Out-of-bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the HTML to PDF conversion engine. Malformed HTML input related to Cascading Stylesheet specification leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12840 – Adobe Acrobat Reader Out-of-bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JBIG2 processing. Well-formed JBIG2 encoded input leads to flawed computation due to flawed loop processing that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12849 – Adobe Acrobat Reader Out-of-bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the EMF processing in the ImageConversion module. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

APSB18-30 – Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows, macOS, Linux and Chrome OS. These updates address important vulnerabilities in Adobe Acrobat Reader. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Severity: Important

Affected Software

  • Acrobat DC Continuous 2018.011.20063 and earlier versions for Windows and macOS
  • Acrobat Reader DC Continuous 2018.011.20063 and earlier versions for Windows and macOS
  • Acrobat 2017 Classic 2017 2017.011.30102 and earlier versions for Windows and macOS
  • Acrobat Reader 2017 Classic 2017 2017.011.30102 and earlier versions for Windows and macOS
  • Acrobat DC Classic 2015 2015.006.30452 and earlier versions for Windows and macOS
  • Acrobat Reader DC Classic 2015 2015.006.30452 and earlier versions for Windows and macOS

CVE-2018-12759 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format Plus (EMF+) data at a lower level. A crafted EMF+ input triggers the flawed computation, in which pointer arithmetic is not appropriately checked against boundary conditions, leading to a memory write operation through a pointer that points to an invalid memory location. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12769 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use-after-free condition in the JavaScript API related to Annotation functionality. Specifically, the vulnerability is triggered by crafted JavaScript within a PDF file, which leads to a temporal safety violation if it is possible to perform read / write dereferences on the dangling pointer. This instance causes an access violation exception because of the computation within the JavaScript engine that dereferences the dangling pointer. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide an attacker with unintended memory access.

CVE-2018-12831 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use-after-free condition in the internal document representation. Specifically, the vulnerability is triggered by a flaw in the rendering engine and is not related to a specific PDF file. The vulnerability leads to a temporal safety violation if it is possible to perform read / write dereferences on the dangling pointer. This instance causes an access violation exception because of the computation within the rendering engine that dereferences the dangling pointer. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12835 – Adobe Acrobat Reader Type Confusion Vulnerability

This vulnerability is an instance of a type confusion vulnerability in the WebCapture module, which serves as the HTML2PDF conversion engine. The flawed computation allocates or initializes an object using one type, but later accesses that object using a type that is incompatible with the original type. If an attacker can effectively control an object of the incompatible type, the computation can result in out-of-bounds reads or writes.

CVE-2018-12836 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability that occurs when manipulating the JavaScript API. In particular, the vulnerability is triggered by crafted JavaScript code embedded within a PDF file, which causes an out-of-bounds memory access due to improper bounds checking when manipulating an array pointer. Attackers can exploit the vulnerability by using the out-of-bounds access for unintended reads.

CVE-2018-12837 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the XPS . In particular, the vulnerability is triggered by a crafted XPS file that embeds malformed JPEG data which causes an out of bounds memory access, due to improper bounds checking when manipulating an array pointer. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to code corruption, control-flow hijack, or information leak attack.

CVE-2018-12839 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JPEG 2000 code stream processing. A malformed JPEG 2000 code-stream input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12842 – Adobe Acrobat Reader Integer Overflow Vulnerability

This vulnerability is an instance of an integer overflow vulnerability in the processing of Enhanced Metafile Format Plus (EMF+) data. It occurs when a crafted EMF+ file causes internal arithmetic calculations to produce a value that exceeds the maximum size of the integer type's storage. The value is used to calculate the size of the buffer; when the calculated size of the buffer is smaller than the size used by the operation, memory corruption occurs. Attackers can exploit the vulnerability by using the out-of-bounds access for unintended reads or writes. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12853 – Adobe Acrobat Reader Buffer Errors Vulnerability

This vulnerability leads to a stack-based buffer overflow condition in the XSLT engine. This condition results in the stack-allocated buffer being overwritten as a result of flawed buffer boundary checks. It is triggered by a crafted PDF file, which causes an out-of-bounds memory access of a stack-allocated buffer due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.

CVE-2018-12858 – Adobe Acrobat Reader Type Confusion Vulnerability

This vulnerability is an instance of a type confusion vulnerability in the XFA engine. The flawed computation allocates or initializes an object using one type, but later accesses that object using a type that is incompatible with the original type. If an attacker can effectively control an object of the incompatible type, the computation can result in out-of-bounds reads or writes.

CVE-2018-12862 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the EMF processing in the ImageConversion module. A crafted input triggers the flawed computation, in which pointer arithmetic is not appropriately checked against boundary conditions, leading to a memory write operation through a pointer that points to an invalid memory location. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12870 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JBIG2 processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12871 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JBIG2 processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12872 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JBIG2 processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12873 – Adobe Acrobat Reader Out of Bounds Read Vulnerability 

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JBIG2 processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12875 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XFA processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12880 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the EMF processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12881 – Adobe Acrobat Reader Integer Overflow Vulnerability

This vulnerability is an instance of an integer overflow vulnerability in the EMF processing. It occurs when a crafted EMF file causes internal arithmetic calculations to produce a value that exceeds the maximum size of the integer type's storage. The value is used to calculate the size of the buffer; when the calculated size of the buffer is smaller than the size used by the operation, memory corruption occurs. Successful exploitation could lead to arbitrary code execution.
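
The size calculation described for CVE-2018-12842 and CVE-2018-12881, shown as an added C example that is not Adobe's or Zscaler's code. The record layout, function names and sample values are constructed for illustration and do not reflect the real EMF or EMF+ format; the block contrasts a 32-bit product that wraps with a parser that rejects the wrap and checks the declared size against the bytes actually present.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout for this example (not the real EMF/EMF+ format):
 * [0..3] element count, [4..7] element size (both little-endian), [8..] payload. */
#define HDR_LEN 8u
enum rec_status { REC_OK, REC_TRUNCATED, REC_OVERFLOW, REC_NOMEM };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Flawed pattern: the product wraps modulo 2^32, so the computed buffer size
 * can be far smaller than the number of bytes the later operation uses. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened parse: reject a wrapping product and a payload larger than the input. */
enum rec_status parse_record(const uint8_t *buf, size_t len, uint8_t **out, size_t *out_len) {
    *out = NULL; *out_len = 0;
    if (len < HDR_LEN) return REC_TRUNCATED;
    uint32_t count = rd_le32(buf), elem_size = rd_le32(buf + 4);
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return REC_OVERFLOW;
    uint32_t total = count * elem_size;              /* cannot wrap after the check */
    if (total > len - HDR_LEN) return REC_TRUNCATED; /* declared size vs. bytes present */
    *out = malloc(total ? total : 1);
    if (*out == NULL) return REC_NOMEM;
    memcpy(*out, buf + HDR_LEN, total);
    *out_len = total;
    return REC_OK;
}

/* Builds a constructed record with the given header fields and payload length
 * (capped at 64 bytes) and returns the parser's verdict. */
int demo_status(uint32_t count, uint32_t elem_size, size_t payload_len) {
    uint8_t rec[HDR_LEN + 64] = {0};
    uint8_t *copy = NULL;
    size_t copy_len = 0;
    if (payload_len > 64) payload_len = 64;
    wr_le32(rec, count);
    wr_le32(rec + 4, elem_size);
    int st = (int)parse_record(rec, HDR_LEN + payload_len, &copy, &copy_len);
    free(copy);
    return st;
}

int main(void) {
    printf("unchecked size for 0x40000001 x 4: %u\n", (unsigned)unchecked_size(0x40000001u, 4u));
    printf("well-formed: %d, wrapped: %d, truncated: %d\n",
           demo_status(2, 3, 6), demo_status(0x40000001u, 4, 4), demo_status(2, 3, 5));
    return 0;
}
```

Without the division check, the wrapped size of 4 would pass the truncation test against a 4-byte payload, which is why the overflow test has to come first.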

CVE-2018-15920 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use-after-free condition in the JavaScript engine. Specifically, the vulnerability is triggered by crafted JavaScript code embedded within a PDF file, which leads to a temporal safety violation if it is possible to perform read / write dereferences on the dangling pointer. This instance causes an access violation exception because of the computation within the PDF engine that dereferences the dangling pointer. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide an attacker with unintended memory access.

CVE-2018-15922 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JavaScript engine. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-15925 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JavaScript engine. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-15929 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the JBIG2 processing. A crafted input triggers the flawed computation, in which pointer arithmetic is not appropriately checked against boundary conditions, leading to a memory write operation through a pointer that points to an invalid memory location. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-15943 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the EMF processing. A malformed input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-15944 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the EMF processing. A crafted input triggers the flawed computation, in which pointer arithmetic is not appropriately checked against boundary conditions, leading to a memory write operation through a pointer that points to an invalid memory location. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-15951 – Adobe Acrobat Reader Buffer Errors Vulnerability

This vulnerability leads to a stack-based buffer overflow condition in the EMF processing module. This condition results in the stack-allocated buffer being overwritten as a result of flawed buffer boundary checks. It is triggered by a crafted EMF file, which causes an out-of-bounds memory access of a stack-allocated buffer due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.