Vulnerability CVE-2017-3122


Published: 2017-08-11

Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Adobe
Product: Acrobat reader dc 
Version:
2017.009.20058
2015.006.30306
17.012.20095
17.012.20093
17.011.30065
17.011.30059
17.009.20058
17.009.20044
17.000.0000
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
15.006.30060
15.006.30033
15.000.0000
See more versions on NVD
Product: Acrobat dc 
Version:
2017.009.20058
2015.006.30306
17.012.20096
17.012.20095
17.012.20093
17.011.30066
17.011.30065
17.011.30059
17.011.30056
17.009.20058
17.009.20044
17.000.0000
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
15.006.30060
15.006.30033
15.000.0000
See more versions on NVD
Product: Acrobat reader 
Version: 2017.008.30051; 17.011.30059;
Product: Acrobat 
Version:
2017.008.30051
17.011.30065
17.011.30059
17.011.30056
11.0.9
11.0.8
11.0.7
11.0.6
11.0.5
11.0.4
11.0.3
11.0.20
11.0.2
11.0.19
11.0.18
11.0.17
11.0.16
11.0.15
11.0.14
11.0.13
11.0.12
11.0.11
11.0.10
11.0.1
See more versions on NVD
Product: Reader 
Version:
11.0.20
11.0.19
11.0.18
11.0.17
11.0.16
11.0.15
11.0.14
11.0.13
11.0.12
11.0.11
11.0.10
11.0.09
11.0.08
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://www.securityfocus.com/bid/100184
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Related CVE
CVE-2018-19725
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-8075
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-8074
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
CVE-2019-8073
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
CVE-2019-8072
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

Copyright 2019, cxsecurity.com

 
