10
CVSSv2

CVE-2018-12755

Published: 20/07/2018 Updated: 24/02/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Acrobat and Reader 2018.011.20040 and previous versions, 2017.011.30080 and previous versions, and 2015.006.30418 and previous versions versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeAcrobat Dc15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 15.006.30355, 15.006.30392, 15.006.30394, 15.006.30413, 15.006.30416, 15.006.30417, 15.006.30418, 15.008.20082, 15.009.20069, 15.009.20071, 15.009.20077, 15.009.20079, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20039, 15.016.20041, 15.016.20045, 15.017.20050, 15.017.20053, 15.020.20039, 15.020.20042, 15.023.20053, 15.023.20056, 15.023.20070, 17.000.0000, 17.009.20044, 17.009.20058, 17.011.30059, 17.011.30065, 17.011.30066, 17.011.30068, 17.011.30070, 17.011.30078, 17.011.30079, 17.011.30080, 17.012.20093, 17.012.20095, 17.012.20096, 17.012.20098, 18.009.20044, 18.009.20050, 18.011.20038, 18.011.20040
AdobeAcrobat Reader Dc15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 15.006.30355, 15.006.30392, 15.006.30394, 15.006.30416, 15.006.30417, 15.006.30418, 15.008.20082, 15.009.20069, 15.009.20071, 15.009.20077, 15.009.20079, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20039, 15.016.20041, 15.016.20045, 15.017.20050, 15.017.20053, 15.020.20039, 15.020.20042, 15.023.20053, 15.023.20056, 15.023.20070, 17.000.0000, 17.009.20044, 17.009.20058, 17.011.30059, 17.011.30065, 17.011.30066, 17.011.30068, 17.011.30070, 17.011.30078, 17.011.30079, 17.011.30080, 17.012.20093, 17.012.20095, 17.012.20098, 18.009.20044, 18.009.20050, 18.011.20038, 18.011.20040

Github Repositories

My little changes Inspired shell-stormorg/blog/In-Memory-fuzzing-with-Pin/ Many of applications can not be fuzzed through traditional AFL approach For example windows services require initial procedure In same time WINAFL not deliver fuzz data into target process It makes the tested application through stdin/readfile or sockets However, firstly, it is a bit slow met

WinAFL Original AFL code written by Michal Zalewski <lcamtuf@googlecom> Windows fork written and maintained by Ivan Fratric <ifratric@googlecom> Copyright 2016 Google Inc All Rights Reserved Licensed under the Apache License, Version 20 (the "License"); you may not use this file except in compliance with the License

WinAFL Original AFL code written by Michal Zalewski <lcamtuf@googlecom> Windows fork written and maintained by Ivan Fratric <ifratric@googlecom> Copyright 2016 Google Inc All Rights Reserved Licensed under the Apache License, Version 20 (the "License"); you may not use this file except in compliance with the License

my changes to winafl