PT-2018-1163 · Adobe · Acrobat Reader 2018+6

Published: 2018-02-13 · Updated: 2018-03-16 · CVE-2018-4895

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat versions prior to the fixed version
Adobe Reader versions prior to the fixed version
Adobe Acrobat Document Cloud versions prior to the fixed version
Adobe Reader Document Cloud versions prior to the fixed version
Adobe Acrobat Reader 2018 versions prior to 2018.009.20050
Adobe Acrobat Reader 2017 versions prior to 2017.011.30070
Adobe Acrobat Reader 2015 versions prior to 2015.006.30394

Description

The issue is an out-of-bounds write: a computation in the image conversion engine writes data past the end of the intended buffer when processing Enhanced Metafile Format Plus (EMF+) data. A remote attacker can use specially crafted EMF+ data to cause memory corruption or execute arbitrary code.

Recommendations

For Adobe Acrobat and Adobe Reader, update to a version that is not affected by this issue.
For Adobe Acrobat Reader 2018 versions prior to 2018.009.20050, update to version 2018.009.20050 or later.
For Adobe Acrobat Reader 2017 versions prior to 2017.011.30070, update to version 2017.011.30070 or later.
For Adobe Acrobat Reader 2015 versions prior to 2015.006.30394, update to version 2015.006.30394 or later.
As a temporary workaround, consider disabling the processing of Enhanced Metafile Format Plus (EMF+) data until a patch is available.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2018-00610
CVE-2018-4895

Affected Products

Acrobat
Acrobat Document Cloud
Acrobat Reader 2015
Acrobat Reader 2017
Acrobat Reader 2018
Reader
Reader Document Cloud