Security Advisory - July 10, 2018

Zscaler protects against 52 new vulnerabilities for Adobe Flash Player & Acrobat Reader.

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 52 vulnerabilities included in the July 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.

APSB18-21 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 Severity: Critical

Affected Software

  • Acrobat DC Continuous 2018.011.20040 and earlier versions for Windows and macOS
  • Acrobat Reader DC Continuous 2018.011.20040 and earlier versions for Windows and macOS
  • Acrobat 2017 Classic 2017 2017.011.30080 and earlier versions for Windows and macOS
  • Acrobat Reader 2017 Classic 2017 2017.011.30080 and earlier versions for Windows and macOS
  • Acrobat DC Classic 2015 2015.006.30418 and earlier versions for Windows and macOS
  • Acrobat Reader DC Classic 2015 2015.006.30418 and earlier versions for Windows and macOS

CVE-2018-5009 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the annotation functionality implemented by the JavaScript API. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-5010 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that successfully parses malformed Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5017 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the CoolType font processing when handling XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5020 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data related to a region object length. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-5021 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the JavaScript engine API. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-5022 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JavaScript API when handling document fields. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5023 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the form field computation within the JavaScript API. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5024 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the garbage collection functionality within the JavaScript API. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5025 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the garbage collection functionality within the JavaScript API. The use of an invalid (out-of-range) pointer offset during access of internal garbage collection tree data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5026 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the next page JavaScript API functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5030 – Adobe Acrobat Reader Untrusted Pointer Dereference Vulnerability

This issue is due to an untrusted pointer dereference in the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to a combination of multiple crafted object data sizes. In this scenario the input is crafted in a way that the computation results in a pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.

CVE-2018-5032 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to drawing of image points.

CVE-2018-5035 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to drawing of image points. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5055 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to drawing of a path in an image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5063 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XML parsing within the XSLT engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5064 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XML / XSL processor. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-5065 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the XSLT engine. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-5066 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JavaScript API related to manipulation of the Annotation object fields. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5067 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data.

CVE-2018-5068 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JFIF / JPEG decoding within the Acroform module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5069 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the JPEG / JFIF decoder within the Acroform module. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-5070 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the JFIF / JPEG decoding procedure within the Acroform module. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12754 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the JFIF / JPEG decoding within the Acroform module. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12756 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the JavaScript API module related to the collaboration functionality. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12757 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XML Forms Architecture Engine (XFA) manipulated through the JavaScript API. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12760 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the ImageConversion module that is reflected in a lower level graphics engine. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12762 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing object regions within Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12765 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JBIG segment decoding module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12772 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF conversion module. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12773 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF module when creating a character buffer object. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12776 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF conversion engine. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12777 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the HTML to PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12780 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the HTML to PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12781 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the HTML to PDF module that handles Cascading Stylesheet selector functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12782 – Adobe Acrobat Reader Double Free Vulnerability

The Universal 3D (U3D) module contains a double free vulnerability. Specifically, an internal linked list data structure used for cache management can be corrupted in a way that allows arbitrary memory access. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12783 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF conversion module. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can give an attacker unintended memory access.

CVE-2018-12785 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the ImageConversion module when processing Enhanced Metafile Format Plus (EMF+) data that embeds image data.

CVE-2018-12787 – Adobe Acrobat Reader Out of Bounds Write Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVE-2018-12788 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to a block transfer of pixels from a source bitmap to a destination rectangle, including alpha transparency.

CVE-2018-12789 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data related to a block transfer of pixels from a source bitmap to a destination rectangle, including alpha transparency data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12790 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 header processing. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12791 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF conversion engine. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12792 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the HTML to PDF conversion engine. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can give an attacker unintended memory read access.

CVE-2018-12793 – Adobe Acrobat Reader Type Confusion Vulnerability

This vulnerability is an instance of a type confusion vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to a generic comment record.

CVE-2018-12794 – Adobe Acrobat Reader Type Confusion Vulnerability

This vulnerability is an instance of a type confusion overflow vulnerability in the XML Forms Architecture (XFA) module.

CVE-2018-12796 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to rectangle drawing specification. The mismatch between the old and the new object can give an attacker unintended memory access, potentially leading to code corruption or a control-flow hijack attack. Successful exploitation could lead to arbitrary code execution.

CVE-2018-12797 – Adobe Acrobat Reader Use After Free Vulnerability

This vulnerability is due to a dangling pointer that leads to a use after free vulnerability in the Weblink module. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can give an attacker unintended memory access.

CVE-2018-12798 – Adobe Acrobat Reader Heap Overflow Vulnerability

This vulnerability is an instance of a heap overflow vulnerability in the core PDF engine page rendering.

CVE-2018-12779 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of HTML to PDF conversion related to Cascading Stylesheet elements. Malformed HTML style input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-12795 – Adobe Acrobat Reader Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data related to drawing a graphics path. A malformed EMF input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

APSB18-24 – Security updates available for Flash Player.

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 Severity: Critical

Affected Software

  • Adobe Flash Player Desktop Runtime 30.0.0.113 and earlier versions for Windows, macOS and Linux
  • Adobe Flash Player for Google Chrome 30.0.0.113 and earlier versions for Windows, macOS, Linux and Chrome OS 
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 30.0.0.113 and earlier versions for Windows 10 and 8.1
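
An added example (not part of the original advisory): a triage helper that checks inventoried versions against the "and earlier versions" thresholds in the two Affected Software lists above. The inventory rows and host names are constructed, and the two-digit-year handling assumes a build may be reported as 18.011.20040 rather than 2018.011.20040.

```python
"""Triage installed Adobe versions against this advisory's affected thresholds."""

# Highest affected version per product line, copied from the advisory text.
AFFECTED_MAX = {
    "Acrobat DC Continuous": "2018.011.20040",
    "Acrobat Reader DC Continuous": "2018.011.20040",
    "Acrobat 2017 Classic 2017": "2017.011.30080",
    "Acrobat Reader 2017 Classic 2017": "2017.011.30080",
    "Acrobat DC Classic 2015": "2015.006.30418",
    "Acrobat Reader DC Classic 2015": "2015.006.30418",
    "Adobe Flash Player Desktop Runtime": "30.0.0.113",
    "Adobe Flash Player for Google Chrome": "30.0.0.113",
    "Adobe Flash Player for Microsoft Edge and Internet Explorer 11": "30.0.0.113",
}


def parse_version(text):
    """Turn '30.0.0.113' or '18.011.20040' into a tuple of ints."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    # Assumption: a three-part Acrobat build with a two-digit year (18.x.y)
    # is the same release as the four-digit form used in the advisory.
    if len(nums) == 3 and nums[0] < 100:
        nums[0] += 2000
    return tuple(nums)


def is_affected(product, version):
    """True when version <= the advisory threshold ('and earlier versions').

    Comparison is numeric per component: as strings, '30.0.0.99' would sort
    after '30.0.0.113' and an affected build would be reported as safe.
    """
    return parse_version(version) <= parse_version(AFFECTED_MAX[product])


def triage(inventory):
    """Label each (host, product, version) row; no row is silently skipped."""
    results = []
    for host, product, version in inventory:
        if product not in AFFECTED_MAX:
            status = "unknown product"
        else:
            try:
                affected = is_affected(product, version)
                status = "affected" if affected else "not affected"
            except ValueError:
                status = "unparseable version"
        results.append((host, product, version, status))
    return results


# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("ws-01", "Acrobat Reader DC Continuous", "18.011.20040"),
    ("ws-02", "Acrobat Reader DC Continuous", "2018.011.20041"),
    ("ws-03", "Adobe Flash Player Desktop Runtime", "30.0.0.99"),
    ("ws-04", "Adobe Flash Player for Google Chrome", "30.0.0.114"),
    ("ws-05", "Acrobat DC Classic 2015", "15.006.30418"),
    ("ws-06", "Adobe Flash Player Desktop Runtime", "30,0,0,113"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:6} {:40} {:16} {}".format(*row))
```

Rows labelled "unknown product" or "unparseable version" need manual review rather than being treated as unaffected.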

CVE-2018-5007 – Adobe Flash Player Type Confusion Vulnerability

This vulnerability is an instance of a type confusion vulnerability in the ActionScript 2 NetConnection object implementation. If an attacker can effectively control an object of an incompatible type, then the computation can result in out-of-bounds memory reads or writes. The out-of-bounds memory access can lead to code corruption, control-flow hijack, or memory layout disclosure.

CVE-2018-5008 – Adobe Flash Player Out of Bounds Read Vulnerability

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the SWF parsing module. The use of an invalid (out-of-range) pointer offset during access of internal string data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.