Vulnerability CVE-2017-2967
Published: 2017-01-10   Modified: 2017-01-11

Description:
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Acrobat dc 
Adobe -> Acrobat reader dc 
Adobe -> Acrobat 
Adobe -> Reader 

 References:
http://www.securityfocus.com/bid/95345
http://www.securitytracker.com/id/1037574
http://www.zerodayinitiative.com/advisories/ZDI-17-031
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Copyright 2024, cxsecurity.com

 

Back to Top