Multiple vulnerabilities in Adobe Reader and Acrobat

Published: 2017-08-08 19:31:50 | Updated: 2017-08-14 15:26:38
Severity High
Patch available YES
Number of vulnerabilities 67
CVE ID CVE-2017-3016
CVE-2017-3038
CVE-2017-3113
CVE-2017-3115
CVE-2017-3116
CVE-2017-3117
CVE-2017-3118
CVE-2017-3119
CVE-2017-3120
CVE-2017-3121
CVE-2017-3122
CVE-2017-3123
CVE-2017-3124
CVE-2017-11209
CVE-2017-11210
CVE-2017-11211
CVE-2017-11212
CVE-2017-11214
CVE-2017-11216
CVE-2017-11217
CVE-2017-11218
CVE-2017-11219
CVE-2017-11220
CVE-2017-11221
CVE-2017-11222
CVE-2017-11223
CVE-2017-11224
CVE-2017-11226
CVE-2017-11227
CVE-2017-11228
CVE-2017-11229
CVE-2017-11230
CVE-2017-11231
CVE-2017-11232
CVE-2017-11233
CVE-2017-11234
CVE-2017-11235
CVE-2017-11236
CVE-2017-11237
CVE-2017-11238
CVE-2017-11239
CVE-2017-11241
CVE-2017-11242
CVE-2017-11243
CVE-2017-11244
CVE-2017-11245
CVE-2017-11246
CVE-2017-11248
CVE-2017-11249
CVE-2017-11251
CVE-2017-11252
CVE-2017-11254
CVE-2017-11255
CVE-2017-11256
CVE-2017-11257
CVE-2017-11258
CVE-2017-11259
CVE-2017-11260
CVE-2017-11261
CVE-2017-11262
CVE-2017-11263
CVE-2017-11265
CVE-2017-11267
CVE-2017-11268
CVE-2017-11269
CVE-2017-11270
CVE-2017-11271
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-119
CWE-416
CWE-20
CWE-122
CWE-843
CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software Adobe Reader
Adobe Acrobat
Adobe Acrobat Reader DC
Adobe Acrobat DC
Vulnerable software versions Adobe Reader 11.0.20
Adobe Reader 2017.008.30051
Adobe Reader 11.0.19
Adobe Acrobat 11.0.20
Adobe Acrobat 2017.008.30051
Adobe Acrobat 11.0.19
Adobe Acrobat Reader DC 2015.006.30306
Adobe Acrobat Reader DC 2017.009.20058
Adobe Acrobat Reader DC 2017.009.20044
Adobe Acrobat DC 2015.006.30306
Adobe Acrobat DC 2017.009.20058
Adobe Acrobat DC 2017.009.20044
Vendor URL Adobe

Security Advisory

1) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

2) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of this vulnerability may result in remote code execution.

The vulnerability was patched in https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Remediation

Update Adobe Reader DC and Acrobat DC to version 2015.006.30352 or 2017.011.30059.
Update Adobe Reader and Acrobat to version 11.0.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

3) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

4) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

5) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

6) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

7) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper access controls. A remote attacker can send a specially crafted file, trick the victim into opening it, execute malicious attachments and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

8) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

9) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the XFA parsing engine when handling certain types of internal instructions. A remote attacker can send specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

10) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

11) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

12) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing the drawing position definition in Enhanced Metafile Format (EMF) data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

13) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the picture exchange (PCX) file format parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

14) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error when reading a JPEG file embedded within an XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

15) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in font parsing, where the font is embedded in an XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

16) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in the JPEG parser. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

17) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

18) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

19) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

20) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

21) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in XFA event management. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

22) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the XFA rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

23) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in an internal data structure. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

24) Type confusion error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error in the annotation functionality. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

25) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the Product Representation Compact (PRC) engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

26) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the core of the XFA engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

27) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

28) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image processing engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

29) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

30) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

31) Security restrictions bypass

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper access controls when manipulating Forms Data Format (FDF). A remote attacker can send a specially crafted file, trick the victim into opening it, bypass security restrictions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

32) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the JPEG 2000 engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

33) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the Acrobat/Reader rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

34) Use-after-free error

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a use-after-free error when processing Enhanced Metafile Format (EMF) data related to brush manipulation. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

35) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

36) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing TIFF data related to the way the components of each pixel are stored. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

37) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the image conversion engine when decompressing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

38) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the internal handling of UTF-16 literal strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

39) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the font parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

40) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

41) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

42) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

43) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

44) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the XSLT engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

45) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

46) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

47) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when parsing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

48) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

49) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

50) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the JPEG 2000 parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

51) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the Adobe Graphics Manager (AGM) module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

52) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the Acrobat/Reader JavaScript engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

53) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing TIFF color map data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

54) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when generating content using the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

55) Type confusion error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

56) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

57) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

58) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

59) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

60) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing an ASCII text string. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

61) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the internal data structure manipulation related to document encoding. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

62) Memory corruption

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

63) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

64) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

65) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

66) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

67) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update Acrobat DC and Acrobat Reader DC to version 2015.006.30352 or 2017.012.20093.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30059.
Update Acrobat XI and Reader XI to version 11.21.

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
