CVE-2018-4879

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 2018.009.20050 and earlier Adobe Acrobat Reader versions 2017.011.30070 and earlier Adobe Acrobat Reader versions 2015.006.30394 and earlier

Description The issue is caused by a computation that writes data past the end of the intended buffer, which is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. This can potentially allow an attacker to corrupt sensitive data or execute arbitrary code. The vulnerability can be exploited by a remote attacker using specially crafted EMF+ data, leading to memory corruption or arbitrary code execution.

Recommendations For Adobe Acrobat Reader versions 2018.009.20050 and earlier, update to a version later than 2018.009.20050 to resolve the issue. For Adobe Acrobat Reader versions 2017.011.30070 and earlier, update to a version later than 2017.011.30070 to resolve the issue. For Adobe Acrobat Reader versions 2015.006.30394 and earlier, update to a version later than 2015.006.30394 to resolve the issue. As a temporary workaround, consider disabling the image conversion module that processes EMF+ data until a patch is available.