CVE-2018-4888

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 2018.009.20050 and earlier Adobe Acrobat Reader versions 2017.011.30070 and earlier Adobe Acrobat Reader versions 2015.006.30394 and earlier

Description The issue is a use after free vulnerability triggered by a crafted PDF file, causing a memory access violation exception in the XFA engine due to a dangling reference. This occurs when an object is freed during the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.

Recommendations For Adobe Acrobat Reader versions 2018.009.20050 and earlier, update to a version later than 2018.009.20050 to resolve the issue. For Adobe Acrobat Reader versions 2017.011.30070 and earlier, update to a version later than 2017.011.30070 to resolve the issue. For Adobe Acrobat Reader versions 2015.006.30394 and earlier, update to a version later than 2015.006.30394 to resolve the issue. As a temporary workaround, consider avoiding the use of crafted PDF files that could trigger the XFA engine vulnerability until a patch is available.