Adobe Reader Remote Code Execution

Reference: CERT.be Advisory #2018-015
Version: 1.0
Affected software:
• CVE-2018-4990 :
o Acrobat DC (2018.011.20038 and earlier versions)
o Acrobat Reader DC (2018.011.20038 and earlier versions)
o Acrobat 2017 (011.30079 and earlier versions)
o Acrobat Reader DC 2017 (2017.011.30079 and earlier versions)
o Acrobat DC (Classic 2015) (2015.006.30417 and earlier versions)
o Acrobat Reader DC (Classic 2015) (2015.006.30417 and earlier versions)
Type : Double Free Vulnerability in Adobe Reader allowing for remote code execution
CVSS score : Not known yet

Sources

https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Risks

CVE-2018-4990 : remote code execution.

Summary

A crafted PDF can execute JavaScript when it is opened in Adobe Reader in order to gain access to memory and execute malicious code.
This vulnerability can be combined with another vulnerability, in Microsoft software, which is described in CERT.be advisory #2018-016.
“… The use of the combined vulnerabilities is extremely powerful, as it allows an attacker to execute arbitrary code with the highest possible privileges on the vulnerable target, and with only the most minimal of user interaction. APT groups regularly use such combinations to perform their attacks …”

Recommended actions

CERT.be recommends that you :
• Disable JavaScript execution in PDF files
• Patch your systems :
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
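
Added example, not part of the CERT.be advisory: a Python triage check that flags PDF files carrying JavaScript together with an automatic action, the pattern described in the summary, so that inbound files can be held back while patching and the JavaScript setting are rolled out. The function names, verdict labels and sample byte strings are constructed for illustration; the scan matches PDF name objects in the raw bytes only and does not decompress streams.

```python
import re
import sys

# PDF names may disguise characters as #xx hex escapes, e.g. /J#61vaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name is "/" followed by anything except PDF whitespace and delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")

SCRIPT_NAMES = {"JS", "JavaScript"}   # script actions
AUTO_NAMES = {"OpenAction", "AA"}     # automatic or event-triggered actions
OPAQUE_NAMES = {"ObjStm"}             # compressed objects this scan cannot see into

# Constructed sample inputs (not taken from any real document).
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPT = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /J#61vaScript /JS (void 0;) >>\nendobj\n")
SAMPLE_OBJSTM = b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so obfuscated names compare equal to the plain form."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count script-related names in raw PDF bytes and return a verdict."""
    wanted = SCRIPT_NAMES | AUTO_NAMES | OPAQUE_NAMES
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in wanted:
            counts[name] = counts.get(name, 0) + 1
    found = set(counts)
    if found & SCRIPT_NAMES and found & AUTO_NAMES:
        verdict = "script-on-open"
    elif found & SCRIPT_NAMES:
        verdict = "script-present"
    elif found & OPAQUE_NAMES:
        verdict = "inspect-further"   # names may be hidden in object streams
    else:
        verdict = "no-script-markers"
    return {"verdict": verdict, "names": counts}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, triage_pdf(handle.read()))
```

A "script-on-open" verdict is a signal for closer inspection, not proof that a file targets CVE-2018-4990; names that happen to appear inside stream data can also produce false positives.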