July Vulnerability of the Month: Two Zero-Days Caught in Development

Tenable Research

An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story.

Novelty, sophistication or just plain weirdness are some of the potential criteria we use to select the Tenable vulnerability of the month. We collect nominations from our 70+ research team members, shortlist the finalists and give the entire team the chance to vote -- combining the total experience and knowledge of Tenable Research to identify the vulnerability of the month.

Background

This month, Tenable Research highlights CVE-2018-4990, an Adobe Reader double free vulnerability on Windows and macOS systems. CVE-2018-4990 has an interesting discovery and patch story. It was discovered by ESET researchers in March 2018 because the developers uploaded their malicious PDF to their public repository. Because the sample didn’t contain the final payload, researchers concluded it was still in development. The researchers disclosed this vulnerability -- along with CVE-2018-8120, a privilege escalation bug in Microsoft Windows -- to the vendors. Security patches were issued in mid-May.

What makes this the vulnerability of the month?

It’s always interesting when the (potential) attackers tip their hands. Uploading malicious samples to a public repository while they’re still in development wasn’t the smartest move, assuming stealth was desired. Uploading the incomplete sample might have been a tactic to determine if any antivirus software would detect it. The samples “demonstrated a high level of skills in vulnerability discovery and exploit writing," according to ESET.

This is also an excellent example of how vulnerabilities can be chained to achieve remote code execution with highest privileges. Had the vulnerabilities not been discovered and patched before the exploits were fully developed, it’s likely they would have been widely used by attackers, particularly in exploit kits, with potentially disastrous consequences.

Vulnerability details

This vulnerability impacts Adobe Reader/DC 2018.011.20038 and earlier versions along with Adobe Acrobat Reader 2017/DC 2017.011.30079 and earlier versions.

An attacker who successfully exploits the vulnerability could achieve arbitrary code execution in the context of the current user. While the malicious PDF is available on VirusTotal, we are not aware of any reports of these vulnerabilities being exploited in the wild yet.

When the two vulnerabilities (CVE-2018-4990 and CVE-2018-8120) are combined, as they were in the upload to VirusTotal, an attacker could gain complete control of an affected system. We’ve released the following Nessus® plugins to assist our customers in finding and securing their exposure to CVE-2018-4990 as well as the other vulnerabilities patched in the update.

Plugin ID

Description

109895

Adobe Acrobat

109896

Adobe Reader

109897

Adobe Acrobat

109898

Adobe Reader

109604

KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update

109651

Security Updates for Windows Server 2008 (May 2018)

Additional resources

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Jul 31, 2018

People also viewed

Customer Success Manager - ANZ

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Customer Success Sales
Your Role:Tenable has an immediate need for a Customer Success Manager who will be responsible for establishing and driving sales activities for our software products within a designated geography.Companies today are grappling with an ever expandi...

Field and Channel Marketing Manager, Nordics and Benelux

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Field & Channel Marketing Marketing
Your Role:Tenable seeks an experienced field and channel marketing manager to generate demand for Tenable products and solutions across our Scandinavia and Benelux territories.  The successful candidate will have demonstrated experience creating, ...

Finance & Investor Relations Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Finance Internships
Your Role:Tenable has a Finance and Investor Relations Intern opportunity for college students entering their senior year or actively enrolled in an MBA program. If you're looking for a chance to apply what you're learning in your degree program, ...

Senior Data Engineer

Dublin Ireland Campshires, Sir John Rogerson's Quay, Dublin, Ireland Research Engineering
Your Role:Data Engineers here are involved in designing, developing and maintaining systems for data analysis, transformation, modelling and visualisation. We work directly with the data scientists to develop cutting edge uses of the data we colle...

Technical Support Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Technical Support Technical Support
Your Role:Tenable is seeking a high energy, results oriented customer advocate capable of motivating an already exceptional support team to even higher levels of customer satisfaction. Our current global rating is over 93% satisfaction and we expe...

Cloud Security Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Security Internships
Your Role: The Cloud Security Intern will help the Tenable secure their use of cloud systems across the company.  The intern will develop, implement and monitor security solutions for cloud that assess risk, keep Tenable data safe and bake in secu...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.