HTTP: Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read
This signature detects attempts to exploit a known vulnerability in the JPEG2000 component of Adobe Acrobat and Acrobat Reader. Successful exploitation could result in remote code execution.
Extended Description
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References
CVE: CVE-2018-4990
Short Name
HTTP:STC:ADOBE:CVE-2018-4990OOB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat Adobe Bounds CVE-2018-4990 JPEG2000 Out Parsing Read Reader and of
Release Date
05/28/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3377
False Positive
Unknown
CVSS Score
6.8