Discovered by Aleksandar Nikolic of Cisco Talos
Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.
TALOS-2017-0505 - Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability (CVE-2018-4901)
Known vulnerable versions
Adobe Acrobat Reader DC 2018.009.20044
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 45102-3