Multiple vulnerabilities in Adobe Reader and Acrobat
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 61 |
| CVE-ID | CVE-2017-16362 CVE-2017-16370 CVE-2017-16376 CVE-2017-16382 CVE-2017-16394 CVE-2017-16397 CVE-2017-16399 CVE-2017-16400 CVE-2017-16401 CVE-2017-16402 CVE-2017-16403 CVE-2017-16404 CVE-2017-16405 CVE-2017-16408 CVE-2017-16409 CVE-2017-16412 CVE-2017-16414 CVE-2017-16417 CVE-2017-16418 CVE-2017-16420 CVE-2017-11293 CVE-2017-16363 CVE-2017-16365 CVE-2017-16374 CVE-2017-16384 CVE-2017-16386 CVE-2017-16387 CVE-2017-16369 CVE-2017-16360 CVE-2017-16388 CVE-2017-16389 CVE-2017-16390 CVE-2017-16393 CVE-2017-16398 CVE-2017-16377 CVE-2017-16378 CVE-2017-16381 CVE-2017-16385 CVE-2017-16392 CVE-2017-16395 CVE-2017-16396 CVE-2017-16368 CVE-2017-16383 CVE-2017-16391 CVE-2017-16410 CVE-2017-16407 CVE-2017-16413 CVE-2017-16415 CVE-2017-16416 CVE-2017-16380 CVE-2017-16367 CVE-2017-16379 CVE-2017-16406 CVE-2017-16364 CVE-2017-16371 CVE-2017-16372 CVE-2017-16373 CVE-2017-16375 CVE-2017-16411 CVE-2017-16419 CVE-2017-16361 |
| CWE-ID | CWE-125 CWE-126 CWE-200 CWE-416 CWE-824 CWE-805 CWE-119 CWE-122 CWE-129 CWE-787 CWE-20 CWE-843 CWE-822 CWE-400 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 61 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU9202
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16362
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Out-of-bounds read
EUVDB-ID: #VU9203
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16370
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
3) Out-of-bounds read
EUVDB-ID: #VU9204
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16376
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
4) Out-of-bounds read
EUVDB-ID: #VU9205
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16382
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
5) Out-of-bounds read
EUVDB-ID: #VU9206
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16394
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
6) Out-of-bounds read
EUVDB-ID: #VU9207
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16397
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
7) Out-of-bounds read
EUVDB-ID: #VU9208
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16399
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
8) Out-of-bounds read
EUVDB-ID: #VU9209
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16400
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
9) Out-of-bounds read
EUVDB-ID: #VU9210
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16401
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
10) Out-of-bounds read
EUVDB-ID: #VU9211
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16402
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
11) Out-of-bounds read
EUVDB-ID: #VU9212
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16403
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
12) Out-of-bounds read
EUVDB-ID: #VU9213
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16404
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
13) Out-of-bounds read
EUVDB-ID: #VU9214
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16405
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
14) Out-of-bounds read
EUVDB-ID: #VU9215
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16408
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
15) Out-of-bounds read
EUVDB-ID: #VU9216
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16409
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
16) Out-of-bounds read
EUVDB-ID: #VU9217
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16412
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
17) Out-of-bounds read
EUVDB-ID: #VU9218
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16414
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
18) Out-of-bounds read
EUVDB-ID: #VU9219
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16417
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
19) Out-of-bounds read
EUVDB-ID: #VU9220
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16418
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
20) Out-of-bounds read
EUVDB-ID: #VU9221
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16420
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
21) Out-of-bounds read
EUVDB-ID: #VU9222
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-11293
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
22) Buffer over-read
EUVDB-ID: #VU9223
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16363
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
23) Buffer over-read
EUVDB-ID: #VU9224
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16365
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
24) Buffer over-read
EUVDB-ID: #VU9225
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16374
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
25) Buffer over-read
EUVDB-ID: #VU9226
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16384
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
26) Buffer over-read
EUVDB-ID: #VU9227
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16386
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
27) Buffer over-read
EUVDB-ID: #VU9228
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16387
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
28) Security restrictions bypass
EUVDB-ID: #VU9229
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16369
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass security restrictions and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
29) Use-after-free error
EUVDB-ID: #VU9230
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16360
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
30) Use-after-free error
EUVDB-ID: #VU9231
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16388
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
31) Use-after-free error
EUVDB-ID: #VU9232
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16389
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
32) Use-after-free error
EUVDB-ID: #VU9233
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16390
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
33) Use-after-free error
EUVDB-ID: #VU9234
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16393
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
34) Use-after-free error
EUVDB-ID: #VU9235
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16398
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
35) Access of uninitialized pointer
EUVDB-ID: #VU9236
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16377
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
36) Access of uninitialized pointer
EUVDB-ID: #VU9237
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16378
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
37) Buffer access with incorrect length value
EUVDB-ID: #VU9238
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16381
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
38) Buffer access with incorrect length value
EUVDB-ID: #VU9239
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16385
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
39) Buffer access with incorrect length value
EUVDB-ID: #VU9240
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16392
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
40) Buffer access with incorrect length value
EUVDB-ID: #VU9241
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16395
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
41) Buffer access with incorrect length value
EUVDB-ID: #VU9242
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16396
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
42) Memory corruption
EUVDB-ID: #VU9243
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16368
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow or underflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
43) Heap-based buffer overflow
EUVDB-ID: #VU9244
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16383
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
44) Improper validation of array index
EUVDB-ID: #VU9245
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16391
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
45) Improper validation of array index
EUVDB-ID: #VU9246
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16410
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
46) Out-of-bounds write
EUVDB-ID: #VU9247
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16407
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
47) Out-of-bounds write
EUVDB-ID: #VU9248
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16413
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
48) Out-of-bounds write
EUVDB-ID: #VU9249
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16415
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
49) Out-of-bounds write
EUVDB-ID: #VU9250
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16416
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
50) Security restrictions bypass
EUVDB-ID: #VU9251
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16380
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
51) Type confusion
EUVDB-ID: #VU9252
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16367
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
52) Type confusion
EUVDB-ID: #VU9253
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16379
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
53) Type confusion
EUVDB-ID: #VU9254
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16406
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
54) Untrusted pointer dereference
EUVDB-ID: #VU9255
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16364
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
55) Untrusted pointer dereference
EUVDB-ID: #VU9256
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16371
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
56) Untrusted pointer dereference
EUVDB-ID: #VU9257
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16372
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
57) Untrusted pointer dereference
EUVDB-ID: #VU9258
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16373
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
58) Untrusted pointer dereference
EUVDB-ID: #VU9259
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16375
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
59) Untrusted pointer dereference
EUVDB-ID: #VU9260
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-16411
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
60) Resource exhaustion
EUVDB-ID: #VU9261
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16419
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to stack exhaustion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger excessive resource consumption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
61) Security restrictions bypass
EUVDB-ID: #VU9262
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-16361
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper acesss control. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct drive-by-download attack.
MitigationUpdate Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.
Adobe Reader: 11.0.0 - 2017.012.20098
Adobe Acrobat: 11.0.0 - 17.012.20098
Fixed software versionsCPE2.3 External links
http://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
