CVE-2017-11293
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: nvd@nist.gov — https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | acrobat | {"endIncluding":"11.0.22"} | |
| adobe | acrobat_dc | {"startIncluding":"-","endIncluding":"17.012.20098"} | |
| adobe | acrobat_reader | {"endIncluding":"11.0.22"} | |
| adobe | acrobat_reader_dc | {"startIncluding":"-","endIncluding":"17.012.20098"} | |
References
- http://www.securityfocus.com/bid/102140
- http://www.securitytracker.com/id/1039791
- https://helpx.adobe.com/security/products/acrobat/aspb17-36.html
- https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
- http://www.securityfocus.com/bid/102140
- http://www.securitytracker.com/id/1039791
- https://helpx.adobe.com/security/products/acrobat/aspb17-36.html
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.