July Vulnerability of the Month: Two Zero-Days Caught in Development

Tenable Research

An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story.

Novelty, sophistication or just plain weirdness are some of the potential criteria we use to select the Tenable vulnerability of the month. We collect nominations from our 70+ research team members, shortlist the finalists and give the entire team the chance to vote -- combining the total experience and knowledge of Tenable Research to identify the vulnerability of the month.

Background

This month, Tenable Research highlights CVE-2018-4990, an Adobe Reader double free vulnerability on Windows and macOS systems. CVE-2018-4990 has an interesting discovery and patch story. It was discovered by ESET researchers in March 2018 because the developers uploaded their malicious PDF to their public repository. Because the sample didn’t contain the final payload, researchers concluded it was still in development. The researchers disclosed this vulnerability -- along with CVE-2018-8120, a privilege escalation bug in Microsoft Windows -- to the vendors. Security patches were issued in mid-May.

What makes this the vulnerability of the month?

It’s always interesting when the (potential) attackers tip their hands. Uploading malicious samples to a public repository while they’re still in development wasn’t the smartest move, assuming stealth was desired. Uploading the incomplete sample might have been a tactic to determine if any antivirus software would detect it. The samples “demonstrated a high level of skills in vulnerability discovery and exploit writing," according to ESET.

This is also an excellent example of how vulnerabilities can be chained to achieve remote code execution with highest privileges. Had the vulnerabilities not been discovered and patched before the exploits were fully developed, it’s likely they would have been widely used by attackers, particularly in exploit kits, with potentially disastrous consequences.

Vulnerability details

This vulnerability impacts Adobe Reader/DC 2018.011.20038 and earlier versions along with Adobe Acrobat Reader 2017/DC 2017.011.30079 and earlier versions.

An attacker who successfully exploits the vulnerability could achieve arbitrary code execution in the context of the current user. While the malicious PDF is available on VirusTotal, we are not aware of any reports of these vulnerabilities being exploited in the wild yet.

When the two vulnerabilities (CVE-2018-4990 and CVE-2018-8120) are combined, as they were in the upload to VirusTotal, an attacker could gain complete control of an affected system. We’ve released the following Nessus® plugins to assist our customers in finding and securing their exposure to CVE-2018-4990 as well as the other vulnerabilities patched in the update.

Plugin ID

Description

109895

Adobe Acrobat

109896

Adobe Reader

109897

Adobe Acrobat

109898

Adobe Reader

109604

KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update

109651

Security Updates for Windows Server 2008 (May 2018)

Additional resources

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Jul 31, 2018

People also viewed

API Delivery Engineer

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Professional Services Professional Services
Your Role:Assist in the deployment and configuration of Tenable solutions within client organisations. The consultant will provide technical support, preparation and documentation to clients as part of a small delivery team. The consultant will in...

Principal Research Engineer

Paris Paris France Paris, France Sensors Research & Development
Your Opportunity:As the Cyber Exposure market leader Tenable is looking for a passionate and talented Principal Researcher for its Tenable Research team. Tenable Research is significant and growing global security research team consisting of rever...

Security Consultant - API

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Professional Services Professional Services
Your Role:Tenable’s Global Professional Services organization performs Tenable product installation, configuration, customizations, and security audits for our clients, and is looking to hire a security consultant with expertise developing scripts...

Field Product Manager

Seattle Washington United States 5th Ave, Seattle, Washington, United States, 98101 Product Management Research & Development
Your Role:The Field Product Manager  supports and works with Product Management, Engineering, Product Marketing, Sales, and other internal teams to guide on how Tenable products and services could be used to best suit customer needs. This supporti...

Technical Product Manager - Cloud Services

New York New York United States Broadway, New York, United States, 10012 Product Management Research & Development
Your Role:Tenable is looking for a Technical Product Manager - Cloud Services, responsible for driving the product strategy and management of our cloud services, platform infrastructure, and public APIs. This full-stack PMrole is expected to be sk...

Sr. UI Engineer

Los Angeles California United States West Jefferson Boulevard, Playa Vista, Los Angeles, California, United States, 90066 Cloud Platforms Research & Development
Your Role:Tenable is looking for an extraordinary Senior UI Engineer to join the Tenable.io Engineering team. This is an opportunity to make a high impact while helping the team deliver on a next-generation enterprise web application. The ideal ca...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.