Home

CVE-2018-15979

Description

Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.199

Associated Vulnerability

VulnerabilityOS Platform
Adobe Acrobat Reader DC (Continuous Track) update - All languages 19.008.20081 (APSB18-40)Windows
Adobe Acrobat Reader 2017 MUI (Classic Track) update - All languages 17.011.30106 (APSB18-40)Windows
Adobe Acrobat DC Pro and Standard (Classic Track) update - All languages 15.006.30457 (APSB18-40)Windows
Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages 19.008.20081 (APSB18-40)Windows
Adobe Acrobat 2017 MUI (Classic Track) update - All languages 17.011.30106 (APSB18-40)Windows
Vulnerabilities CVE-2018-15979 are affected in Acrobat DC 19.008.20080Windows
Multiple vulnerabilities affected in Acrobat Reader 17.011.30102Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-308380Adobe Acrobat Reader DC (Continuous Track) update - All languages 19.008.20081 (APSB18-40)
PATCH-308382Adobe Acrobat Reader 2017 MUI (Classic Track) update - All languages 17.011.30106 (APSB18-40)
PATCH-308383Adobe Acrobat DC Pro and Standard (Classic Track) update - All languages 15.006.30457 (APSB18-40)
PATCH-308384Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages 19.008.20081 (APSB18-40)
PATCH-308385Adobe Acrobat 2017 MUI (Classic Track) update - All languages 17.011.30106 (APSB18-40)
PATCH-343119Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-315465Adobe Acrobat Reader MUI DC (Classic Track) update - All languages (15.006.30527) (APSB20-48)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234