CVE-2018-4911

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 2018.009.20050 and earlier Adobe Acrobat Reader versions 2017.011.30070 and earlier Adobe Acrobat Reader versions 2015.006.30394 and earlier

Description The issue is related to a use after free vulnerability in the JavaScript API, specifically concerning bookmark functionality. It can be triggered by crafted JavaScript code embedded within a PDF file, potentially leading to code corruption, control-flow hijack, or a code re-use attack. This allows attackers to execute arbitrary code.

Recommendations For versions 2018.009.20050 and earlier, update to a version later than 2018.009.20050 to resolve the issue. For versions 2017.011.30070 and earlier, update to a version later than 2017.011.30070 to resolve the issue. For versions 2015.006.30394 and earlier, update to a version later than 2015.006.30394 to resolve the issue. As a temporary workaround, consider disabling JavaScript functionality in Adobe Acrobat Reader until a patch is available.