Risk | High |
Patch available | YES |
Number of vulnerabilities | 67 |
CVE-ID | CVE-2017-3016 CVE-2017-3038 CVE-2017-3113 CVE-2017-3115 CVE-2017-3116 CVE-2017-3117 CVE-2017-3118 CVE-2017-3119 CVE-2017-3120 CVE-2017-3121 CVE-2017-3122 CVE-2017-3123 CVE-2017-3124 CVE-2017-11209 CVE-2017-11210 CVE-2017-11211 CVE-2017-11212 CVE-2017-11214 CVE-2017-11216 CVE-2017-11217 CVE-2017-11218 CVE-2017-11219 CVE-2017-11220 CVE-2017-11221 CVE-2017-11222 CVE-2017-11223 CVE-2017-11224 CVE-2017-11226 CVE-2017-11227 CVE-2017-11228 CVE-2017-11229 CVE-2017-11230 CVE-2017-11231 CVE-2017-11232 CVE-2017-11233 CVE-2017-11234 CVE-2017-11235 CVE-2017-11236 CVE-2017-11237 CVE-2017-11238 CVE-2017-11239 CVE-2017-11241 CVE-2017-11242 CVE-2017-11243 CVE-2017-11244 CVE-2017-11245 CVE-2017-11246 CVE-2017-11248 CVE-2017-11249 CVE-2017-11251 CVE-2017-11252 CVE-2017-11254 CVE-2017-11255 CVE-2017-11256 CVE-2017-11257 CVE-2017-11258 CVE-2017-11259 CVE-2017-11260 CVE-2017-11261 CVE-2017-11262 CVE-2017-11263 CVE-2017-11265 CVE-2017-11267 CVE-2017-11268 CVE-2017-11269 CVE-2017-11270 CVE-2017-11271 |
CWE-ID | CWE-119 CWE-416 CWE-20 CWE-122 CWE-843 CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications Other |
Vendor |
Adobe |
Security Bulletin
This security bulletin contains information about 67 vulnerabilities.
EUVDB-ID: #VU7711
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3016
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6227
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3038
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
The vulnerability was patched in https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Update Adobe Reader DC and Acrobat DC to version 2015.006.30352 or 2017.011.30059.
Update Adobe Reader and Acrobat to version 11.0.21.
Adobe Reader: 11.0.19 - 17.009.20044
Adobe Acrobat: 11.0.19 - 17.009.20044
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7762
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3113
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7826
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3115
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7763
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3116
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7764
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3117
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7825
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3118
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to improper access controls. A remote attacker can send a specially crafted file, trick the victim into opening it, execute malicious attachments and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7765
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3119
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7766
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3120
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the XFA parsing engine when handling certain types of internal instructions. A remote attacker can send a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7767
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3121
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7824
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3122
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7768
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3123
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definitio. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7769
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3124
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the picture exchange (PCX) file format parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7823
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11209
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error when reading a JPEG file embedded within XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7822
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11210
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7770
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11211
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in the JPEG parser. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7771
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11212
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7772
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11214
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7773
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11216
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7821
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11217
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7774
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in XFA event management. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7775
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11219
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the XFA rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7776
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11220
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in an internal data structure. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7777
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11221
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error in the annotation functionality. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7778
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11222
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Product Representation Compact (PRC) engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7779
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11223
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the core of the XFA engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7780
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11224
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7781
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11226
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image processing engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7782
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11227
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7783
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11228
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7784
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11229
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper access controls when manipulating Forms Data Format (FDF). A remote attacker can send a specially crafted file, trick the victim into opening it, bypass security restrictions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7820
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11230
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the JPEG 2000 engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7785
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11231
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in Acrobat/Reader rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7819
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to use-after-free error when processing Enhanced Metafile Format (EMF) data related to brush manipulation. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7818
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11233
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7786
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11234
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7787
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11235
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the image conversion engine when decompressing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7817
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11236
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the internal handling of UTF-16 literal strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7788
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11237
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the font parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7816
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11238
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7815
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11239
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7789
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11241
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7814
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11242
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7813
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11243
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the XSLT engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7812
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11244
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7811
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11245
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7810
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11246
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when parsing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7809
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11248
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7808
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11249
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7790
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11251
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the JPEG 2000 parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7807
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11252
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the Adobe Graphics Manager (AGM) module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7791
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11254
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the Acrobat/Reader's JavaScript engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7806
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11255
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing TIFF color map data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7792
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11256
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when generating content using XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7793
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11257
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7805
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11258
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7794
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7795
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11260
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7796
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11261
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7797
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11262
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7798
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11263
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the internal data structure manipulation related to document encoding. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7804
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11265
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7799
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11267
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7800
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11268
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7801
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11269
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7802
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11270
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7803
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11271
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.
Adobe Reader: 11.0.0 - 17.009.20058
Adobe Acrobat: 11.0.0 - 17.009.20058
CPE2.3https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.