An attacker could leverage social engineering to trick a user into opening malicious file or remotely via maliciously crafted email. In the scenario of receiving a malicious email, it may be possible to exploit the issue by convincing the user to open the malicious file.
What kind of files might an attacker try to exploit this issue with? Applications that receive a large amount of email traffic such as work email or shared hosting email applications. Or it could be any file type that receives a large amount of traffic such as JPEG, MP3, PDF, or Word file types.
The update addresses the vulnerability by correcting the code that parses the malicious file.
Adobe recommends that users update their software to the latest version. Additionally, administrators should be aware that this vulnerability is easily exploitable by remote attackers, so they should monitor remote access activity for attempts to open malicious files.
Indicators of compromise (IoC) If you believe that one of your systems or applications has been affected by this issue, we recommend that you review the following information. IoC Discovery Vulnerability - CVE-2018-5407 This issue was discovered by Dawid Golunski of the Google Security Team. For more information about the researchers responsible for discovering recently discovered security issues, visit the Vulnerability Details page
What is the attack vector for this vulnerability?
The attack vector for this vulnerability is via maliciously crafted email.
References:
- https://blogs.adobe.com/security/2018/09/12/adobe-security-bulletin-adbele4a64
Adobe Security Bulletin: APSB18-07
References br r
www.adobe.com/support/security/bulletins/apsb18-05
Timeline
Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC