Discovered by Aleksandar Nikolic of Cisco Talos
Today, Cisco Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a large user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability. The one method call required to trigger this vulnerability is privileged and can only be called from trusted functions or a trusted location. Additionally, the use-after-free condition is only triggered upon closing the application.
TALOS-2017-0623 - Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability (CVE-2018-12852)
Known vulnerable versions
Adobe Acrobat Reader DC 2018.011.20040
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rule: 47074 - 47075