Security Advisory - May 14, 2018

Zscaler protects against 38 new vulnerabilities for Adobe Flash Player and Acrobat Reader.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 38 vulnerabilities included in the May 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

APSB18-16 – Security updates available for Adobe Flash Player.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.

Severity: Critical

Affected Software

  • Adobe Flash Player Desktop Runtime 29.0.0.140 and earlier for Windows, Macintosh and Linux
  • Adobe Flash Player for Google Chrome 29.0.0.140 and earlier for Windows, Macintosh, Linux and Chrome OS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 29.0.0.140 and earlier for Windows 10 and 8.1

CVE-2018-4944 – Type Confusion vulnerability

This vulnerability is an instance of a type confusion overflow vulnerability in the ActionScript 2 VM when handling a native string type. If an attacker can effectively control an object of an incompatible type, the computation can result in out-of-bounds memory reads or writes. The out-of-bounds memory access can lead to code corruption, control-flow hijack, or memory layout disclosure.

APSB18-09 – Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could allow arbitrary code execution in the context of the current user.

Severity: Critical

Affected Software

  • Acrobat DC (Continuous Track) 2018.011.20040 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC (Continuous Track) 2018.011.20040 and earlier versions for Windows and Macintosh
  • Acrobat 2017 2017.011.30080 and earlier versions for Windows and Macintosh
  • Acrobat Reader 2017 2017.011.30080 and earlier versions for Windows and Macintosh
  • Acrobat DC (Classic Track) 2015.006.30418 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC (Classic Track) 2015.006.30418 and earlier versions for Windows and Macintosh
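Both Affected Software lists above (Flash Player under APSB18-16 and the three Acrobat/Reader tracks under APSB18-09) are "version X and earlier" ranges. Two things go wrong in practice when checking an inventory against them: comparing dotted versions as strings, and comparing an Acrobat build against the wrong track's ceiling. The Python below is an added example for this page, not Zscaler's or Adobe's code. It copies the ceiling versions from the lists, compares installed builds numerically, and routes builds from a track the bulletin does not cover to a manual-review bucket instead of calling them safe. The inventory rows are constructed; how the installed version is collected (registry, package manager, MDM export) is outside the snippet.

```python
"""Decide whether an installed Adobe Flash Player or Acrobat/Reader build falls
inside the "and earlier" ranges listed in APSB18-16 and APSB18-09.

Added example for this advisory, not Zscaler's or Adobe's code. Ceiling versions
are copied from the advisory's Affected Software lists; inventory rows are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Desktop Runtime, Chrome, and Edge/IE11 builds all share this ceiling in APSB18-16.
FLASH_CEILING = "29.0.0.140"

# Acrobat/Reader releases are split into tracks; the first version component
# tells the tracks apart, and each track has its own ceiling in APSB18-09.
ACROBAT_CEILINGS: Dict[int, str] = {
    2018: "2018.011.20040",  # Acrobat DC / Acrobat Reader DC, Continuous Track
    2017: "2017.011.30080",  # Acrobat 2017 / Acrobat Reader 2017
    2015: "2015.006.30418",  # Acrobat DC / Acrobat Reader DC, Classic Track
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'2018.011.20040' -> (2018, 11, 20040). Numeric comparison matters:
    as strings, '29.0.0.99' would sort after '29.0.0.140'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Comparator result (-1, 0, 1); shorter tuples are zero-padded so '29.0' == '29.0.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def flash_affected(installed: str) -> bool:
    """True when the build is the ceiling or earlier."""
    return compare_versions(installed, FLASH_CEILING) <= 0


def acrobat_affected(installed: str) -> Optional[bool]:
    """None when the build belongs to a track the bulletin does not list,
    so the caller can route it for manual review instead of assuming 'safe'."""
    track = parse_version(installed)[0]
    ceiling = ACROBAT_CEILINGS.get(track)
    if ceiling is None:
        return None
    return compare_versions(installed, ceiling) <= 0


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """inventory rows: (host, product, version) with product 'flash' or 'acrobat'.
    Returns hosts grouped into affected / not_affected / unknown."""
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, product, version in inventory:
        verdict: Optional[bool]
        if product == "flash":
            verdict = flash_affected(version)
        elif product == "acrobat":
            verdict = acrobat_affected(version)
        else:
            verdict = None  # unrecognised product: never silently "not affected"
        bucket = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        result[bucket].append(host)
    return result


# Constructed inventory rows for illustration only.
SAMPLE_INVENTORY = [
    ("ws-01", "flash", "29.0.0.140"),        # exactly the ceiling: affected
    ("ws-02", "flash", "29.0.0.99"),         # earlier build: affected
    ("ws-03", "flash", "30.0.0.1"),          # later major: not affected
    ("ws-04", "acrobat", "2018.011.20040"),  # Continuous Track ceiling: affected
    ("ws-05", "acrobat", "2017.011.30079"),  # 2017 track, earlier: affected
    ("ws-06", "acrobat", "2015.006.30419"),  # Classic Track, one build later: not affected
    ("ws-07", "acrobat", "11.0.23"),         # Acrobat XI-style numbering, not in this bulletin: unknown
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: a build whose track is missing from the bulletin is not evidence that it is unaffected, only that this bulletin says nothing about it.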

CVE-2018-4946 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the JavaScript engine related to networking functionality. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4947 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine related to the collaboration functionality.

CVE-2018-4948 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when handling Enhanced Metafile Format (EMF) data related to pixel block transfer.

CVE-2018-4949 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of a computation that reads data past the end of the target buffer; the computation is part of the image conversion module related to processing of Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4951 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of a computation that reads data past the end of the target buffer; the computation is part of the image conversion of Enhanced Metafile Format (EMF) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4952 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the XML Forms Architecture (XFA). The mismatch between the old and the new event object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4953 – Type Confusion Vulnerability

This vulnerability is an instance of a type confusion overflow vulnerability in the XML Forms Architecture (XFA) engine.

CVE-2018-4954 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the XML Forms Architecture (XFA) engine. The mismatch between the old and the new node object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4957 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Web Capture engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4958 – Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the JavaScript engine related to the annotations functionality. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4959 – Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability when manipulating annotation objects implemented in the JavaScript API. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4960 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XML Paper Specification engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4961 – Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability when manipulating the JavaScript object that represents the interface between a PDF document open in the viewer and the JavaScript interpreter. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4962 – Out-Of-Bounds read vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability when manipulating the JavaScript object that represents the interface between a PDF document open in the viewer and the JavaScript interpreter. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4963 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing Enhanced Metafile Format (EMF) bitmap buffer data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4964 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing Enhanced Metafile Format (EMF) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4965 – Buffer Error

This vulnerability leads to a stack-based buffer overflow condition in the image conversion module when processing Enhanced Metafile Format Plus (EMF+) data. It is triggered by crafted EMF+ data in which PathPoints with very large or very small values (outside the range [-16777215, 16777215]) lead to an internal computation that causes an out-of-bounds memory access of a stack-allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.

CVE-2018-4966 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion module when processing GIF data embedded with an EMF file.

CVE-2018-4967 – Use After Free Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the path rendering in the XML Paper Specification (XPS) engine. The vulnerability is a result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-4968 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data.

CVE-2018-4970 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when handling Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4971 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the font processing engine. The mismatch between the old and the new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4972 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of image conversion module that draws an EMF text record. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4974 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the XML Forms Architecture (XFA) engine. The mismatch between the old and the new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4976 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4977 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability when manipulating the internal node representation in the XML Forms Architecture (XFA) engine. The mismatch between the old and the new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4978 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine that handles Enhanced Metafile Format (Plus Extensions) file.

CVE-2018-4980 – Use After Free Vulnerability

This vulnerability is an instance of a use after free vulnerability in the Compare File functionality. The mismatch between the old and the new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4981 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG data embedded within the Enhanced Metafile Format (EMF) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4982 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when processing bitmap (BMP) data embedded within Enhanced Metafile Format (EMF) data.

CVE-2018-4983 – Heap Overflow Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the message dispatch loop of the JavaScript interpreter. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4984 – Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the indexing functionality.

CVE-2018-4985 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4986 – Out-Of-Bounds read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-4987 – Untrusted pointer dereference Vulnerability

This issue is due to an untrusted pointer dereference in a module that handles the internal PDF representation. In this scenario the input is crafted in such a way that the computation results in a pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.

CVE-2018-4988 – Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability when attempting to load a plugin. The mismatch between the old and the new object can provide an attacker with unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-4993 – Data Leakage Vulnerability

This issue leads to a disclosure of information that can be abused by a malicious actor to extract the victim's NTLM credentials. The vulnerability exists due to the way the Acrobat/Reader engine handles certain action dictionaries. In general, an action dictionary defines the characteristics and behavior of an action. The problem exists when handling go-to actions that allow for the specification of a file location.
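The description above pins the trigger to a go-to action whose dictionary carries a file location. That is a shape a defender can triage for in mail gateways or file-analysis pipelines independently of the reader version. The Python below is an added example for this page, not Zscaler's or Adobe's code: it walks the indirect objects of an uncompressed PDF, reports every /GoToR or /GoToE action (the remote and embedded go-to action types, which take a file specification) that carries an /F or /UF entry, and classifies the decoded path. Treating paths that begin with \\ or // as network locations is this example's own assumption, and the sample document is constructed.

```python
"""Report remote/embedded go-to actions whose file specification points outside
the document, as a triage aid for the CVE-2018-4993 class described above.

Added example for this advisory, not Zscaler's or Adobe's code. It is a heuristic
over raw, uncompressed PDF syntax; the sample document is constructed, and treating
\\server and //server paths as network locations is an assumption of this example.
"""
import re
from typing import Dict, List

# One indirect object: "N G obj ... endobj". Only uncompressed objects are seen;
# a production scanner must inflate /ObjStm and /FlateDecode streams first.
OBJECT_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)

# /S /GoToR (remote) and /S /GoToE (embedded) carry a file specification;
# a plain /S /GoTo stays inside the document and is not reported.
ACTION_RE = re.compile(rb"/S\s*/GoTo(R|E)\b")

# /F or /UF followed by a literal string (...) with PDF escapes, or a hex string <...>.
# An integer after /F (annotation flags) does not match, nor does a nested << dict.
FILE_RE = re.compile(
    rb"/U?F\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.DOTALL
)

_ESCAPES = {b"n": "\n", b"r": "\r", b"t": "\t", b"b": "\b", b"f": "\f"}


def decode_literal(raw: bytes) -> str:
    """Resolve PDF literal-string escapes: \\\\, \\(, \\), \\n-style, \\ddd octal, line continuation."""
    out: List[str] = []
    i = 0
    while i < len(raw):
        c = raw[i:i + 1]
        if c != b"\\":
            out.append(c.decode("latin-1"))
            i += 1
            continue
        nxt = raw[i + 1:i + 2]
        if not nxt:  # dangling backslash at end of string
            break
        if nxt in _ESCAPES:
            out.append(_ESCAPES[nxt])
            i += 2
        elif nxt in b"01234567":  # up to three octal digits
            j = i + 1
            while j < len(raw) and j < i + 4 and raw[j:j + 1] in b"01234567":
                j += 1
            out.append(chr(int(raw[i + 1:j], 8)))
            i = j
        elif nxt in (b"\n", b"\r"):  # backslash-newline is a continuation
            i += 2
        else:  # \\, \(, \) and any unknown escape yield the character itself
            out.append(nxt.decode("latin-1"))
            i += 2
    return "".join(out)


def decode_hex(raw: bytes) -> str:
    """Hex string <...>; PDF treats a missing final digit as 0."""
    h = re.sub(rb"\s+", b"", raw)
    if len(h) % 2:
        h += b"0"
    return bytes.fromhex(h.decode("ascii")).decode("latin-1")


def classify_location(path: str) -> str:
    """Heuristic (this example's assumption): leading \\\\ or // names a network share."""
    p = path.strip()
    if p.startswith("\\\\") or p.startswith("//"):
        return "network"
    if p.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", p):
        return "absolute"
    return "relative"


def scan_pdf(data: bytes) -> List[Dict[str, str]]:
    """Return one finding per file specification found in a GoToR/GoToE object."""
    findings: List[Dict[str, str]] = []
    for m in OBJECT_RE.finditer(data):
        body = m.group(3)
        act = ACTION_RE.search(body)
        if not act:
            continue
        kind = "GoTo" + act.group(1).decode("ascii")
        for fm in FILE_RE.finditer(body):
            lit = fm.group("lit")
            path = decode_literal(lit) if lit is not None else decode_hex(fm.group("hex"))
            findings.append({"object": m.group(1).decode("ascii"), "action": kind,
                             "file": path, "location": classify_location(path)})
    return findings


# Constructed sample: three link annotations, two of which leave the document.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj\n"
    # remote go-to whose file spec is a network share (highest concern for this class)
    rb"4 0 obj << /Type /Annot /Subtype /Link /F 4 /A << /S /GoToR /F (\\\\fileserver.example\\share\\doc.pdf) /D [0 /Fit] >> >> endobj" b"\n"
    # remote go-to to a relative file: still leaves the document, so still reported
    b"5 0 obj << /Type /Annot /Subtype /Link /A << /S /GoToR /F (appendix.pdf) /D [0 /Fit] >> >> endobj\n"
    # in-document go-to: not reported
    b"6 0 obj << /Type /Annot /Subtype /Link /A << /S /GoTo /D [0 /Fit] >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for f in scan_pdf(SAMPLE_PDF):
        print(f"obj {f['object']}: {f['action']} -> {f['file']!r} [{f['location']}]")
```

Any "network" finding deserves a look regardless of reader patch level; "relative" and "absolute" findings are ordinary cross-document links most of the time, which is why the scanner reports the class rather than deciding for you. Because it only reads uncompressed syntax, a real deployment should decompress object and content streams before handing bytes to `scan_pdf`.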