CVE-2017-11209
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | acrobat | {"startIncluding":"11.0.0","endIncluding":"11.0.20"} | |
| adobe | acrobat_dc | {"startIncluding":"15.006.30060","endIncluding":"15.006.30306"} | |
| adobe | acrobat_reader | {"startIncluding":"17.011.00000","endIncluding":"17.011.30066"} | |
| adobe | acrobat_reader_dc | {"startIncluding":"15.006.30060","endIncluding":"15.006.30306"} | |
| adobe | reader | {"startIncluding":"11.0.0","endIncluding":"11.0.20"} | |
References
- http://www.securityfocus.com/bid/100184
- http://www.securitytracker.com/id/1039098
- https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
- http://www.zerodayinitiative.com/advisories/ZDI-17-577/
- http://www.securityfocus.com/bid/100184
- http://www.securitytracker.com/id/1039098
- https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.