CVE-2017-3017

Published Apr 12, 2017

Last updated 20 days ago

CVSS high 7.8

Overview

Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.
Source: psirt@adobe.com
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "920C2C98-5D86-4436-BEFF-54D9A41D43C8",
            "versionEndIncluding": "11.0.19"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E065F497-3396-4F95-B19F-35628C8AA570",
            "versionEndIncluding": "15.006.30280"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAC7EE17-469A-45D6-94B1-7C84E8727A06",
            "versionEndIncluding": "15.023.20070"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF2B91EA-41D3-4054-958C-5F174D2ADDF0",
            "versionEndIncluding": "15.006.30280"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E18E48C-BDDD-4A01-91F1-C233D53C0978",
            "versionEndIncluding": "15.023.20070"
          },
          {
            "criteria": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E65E415E-1C3C-472E-9750-3295B65CC6F0",
            "versionEndIncluding": "11.0.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References