Multiple vulnerabilities in Adobe Reader and Acrobat



Published: 2017-11-14
Risk High
Patch available YES
Number of vulnerabilities 61
CVE-ID CVE-2017-16362
CVE-2017-16370
CVE-2017-16376
CVE-2017-16382
CVE-2017-16394
CVE-2017-16397
CVE-2017-16399
CVE-2017-16400
CVE-2017-16401
CVE-2017-16402
CVE-2017-16403
CVE-2017-16404
CVE-2017-16405
CVE-2017-16408
CVE-2017-16409
CVE-2017-16412
CVE-2017-16414
CVE-2017-16417
CVE-2017-16418
CVE-2017-16420
CVE-2017-11293
CVE-2017-16363
CVE-2017-16365
CVE-2017-16374
CVE-2017-16384
CVE-2017-16386
CVE-2017-16387
CVE-2017-16369
CVE-2017-16360
CVE-2017-16388
CVE-2017-16389
CVE-2017-16390
CVE-2017-16393
CVE-2017-16398
CVE-2017-16377
CVE-2017-16378
CVE-2017-16381
CVE-2017-16385
CVE-2017-16392
CVE-2017-16395
CVE-2017-16396
CVE-2017-16368
CVE-2017-16383
CVE-2017-16391
CVE-2017-16410
CVE-2017-16407
CVE-2017-16413
CVE-2017-16415
CVE-2017-16416
CVE-2017-16380
CVE-2017-16367
CVE-2017-16379
CVE-2017-16406
CVE-2017-16364
CVE-2017-16371
CVE-2017-16372
CVE-2017-16373
CVE-2017-16375
CVE-2017-16411
CVE-2017-16419
CVE-2017-16361
CWE-ID CWE-125
CWE-126
CWE-200
CWE-416
CWE-824
CWE-805
CWE-119
CWE-122
CWE-129
CWE-787
CWE-20
CWE-843
CWE-822
CWE-400
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Adobe Reader
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 61 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU9202

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16362

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU9203

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16370

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU9204

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16376

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU9205

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16382

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds read

EUVDB-ID: #VU9206

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16394

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds read

EUVDB-ID: #VU9207

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16397

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU9208

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16399

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds read

EUVDB-ID: #VU9209

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16400

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds read

EUVDB-ID: #VU9210

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16401

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds read

EUVDB-ID: #VU9211

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16402

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds read

EUVDB-ID: #VU9212

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16403

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU9213

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16404

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU9214

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16405

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds read

EUVDB-ID: #VU9215

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16408

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU9216

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16409

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU9217

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16412

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds read

EUVDB-ID: #VU9218

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16414

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds read

EUVDB-ID: #VU9219

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16417

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds read

EUVDB-ID: #VU9220

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16418

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Out-of-bounds read

EUVDB-ID: #VU9221

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16420

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Out-of-bounds read

EUVDB-ID: #VU9222

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11293

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Buffer over-read

EUVDB-ID: #VU9223

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16363

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Buffer over-read

EUVDB-ID: #VU9224

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16365

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Buffer over-read

EUVDB-ID: #VU9225

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16374

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

25) Buffer over-read

EUVDB-ID: #VU9226

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16384

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

26) Buffer over-read

EUVDB-ID: #VU9227

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16386

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

27) Buffer over-read

EUVDB-ID: #VU9228

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16387

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

28) Security restrictions bypass

EUVDB-ID: #VU9229

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16369

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can bypass security restrictions and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

29) Use-after-free error

EUVDB-ID: #VU9230

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16360

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

30) Use-after-free error

EUVDB-ID: #VU9231

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

31) Use-after-free error

EUVDB-ID: #VU9232

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16389

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

32) Use-after-free error

EUVDB-ID: #VU9233

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16390

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

33) Use-after-free error

EUVDB-ID: #VU9234

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16393

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

34) Use-after-free error

EUVDB-ID: #VU9235

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16398

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

35) Access of uninitialized pointer

EUVDB-ID: #VU9236

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16377

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

36) Access of uninitialized pointer

EUVDB-ID: #VU9237

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16378

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

37) Buffer access with incorrect length value

EUVDB-ID: #VU9238

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16381

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

38) Buffer access with incorrect length value

EUVDB-ID: #VU9239

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16385

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

39) Buffer access with incorrect length value

EUVDB-ID: #VU9240

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16392

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

40) Buffer access with incorrect length value

EUVDB-ID: #VU9241

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16395

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

41) Buffer access with incorrect length value

EUVDB-ID: #VU9242

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16396

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

42) Memory corruption

EUVDB-ID: #VU9243

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16368

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow or underflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

43) Heap-based buffer overflow

EUVDB-ID: #VU9244

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16383

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

44) Improper validation of array index

EUVDB-ID: #VU9245

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16391

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

45) Improper validation of array index

EUVDB-ID: #VU9246

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16410

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

46) Out-of-bounds write

EUVDB-ID: #VU9247

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16407

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

47) Out-of-bounds write

EUVDB-ID: #VU9248

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16413

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

48) Out-of-bounds write

EUVDB-ID: #VU9249

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16415

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

49) Out-of-bounds write

EUVDB-ID: #VU9250

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16416

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

50) Security restrictions bypass

EUVDB-ID: #VU9251

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16380

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

51) Type confusion

EUVDB-ID: #VU9252

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16367

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

52) Type confusion

EUVDB-ID: #VU9253

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16379

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

53) Type confusion

EUVDB-ID: #VU9254

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16406

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

54) Untrusted pointer dereference

EUVDB-ID: #VU9255

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16364

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

55) Untrusted pointer dereference

EUVDB-ID: #VU9256

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16371

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

56) Untrusted pointer dereference

EUVDB-ID: #VU9257

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16372

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

57) Untrusted pointer dereference

EUVDB-ID: #VU9258

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16373

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

58) Untrusted pointer dereference

EUVDB-ID: #VU9259

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16375

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

59) Untrusted pointer dereference

EUVDB-ID: #VU9260

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-16411

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

60) Resource exhaustion

EUVDB-ID: #VU9261

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16419

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to stack exhaustion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger excessive resource consumption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

61) Security restrictions bypass

EUVDB-ID: #VU9262

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16361

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper acesss control. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct drive-by-download attack.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 2017.008.30051 - 2017.012.20098, 2015.006.30306 - 2015.006.30355, 11.0.0 - 11.0.22

Adobe Acrobat: 2015.006.30306 - 2015.006.30355, 2017.008.30051 - 2017.012.20098


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###