SB2017111411 - Multiple vulnerabilities in Adobe Reader and Acrobat
Published: November 14, 2017
Description
This security bulletin contains information about 61 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-16362)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
2) Out-of-bounds read (CVE-ID: CVE-2017-16370)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
3) Out-of-bounds read (CVE-ID: CVE-2017-16376)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
4) Out-of-bounds read (CVE-ID: CVE-2017-16382)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
5) Out-of-bounds read (CVE-ID: CVE-2017-16394)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
6) Out-of-bounds read (CVE-ID: CVE-2017-16397)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
7) Out-of-bounds read (CVE-ID: CVE-2017-16399)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
8) Out-of-bounds read (CVE-ID: CVE-2017-16400)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
9) Out-of-bounds read (CVE-ID: CVE-2017-16401)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
10) Out-of-bounds read (CVE-ID: CVE-2017-16402)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
11) Out-of-bounds read (CVE-ID: CVE-2017-16403)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
12) Out-of-bounds read (CVE-ID: CVE-2017-16404)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
13) Out-of-bounds read (CVE-ID: CVE-2017-16405)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
14) Out-of-bounds read (CVE-ID: CVE-2017-16408)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
15) Out-of-bounds read (CVE-ID: CVE-2017-16409)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
16) Out-of-bounds read (CVE-ID: CVE-2017-16412)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
17) Out-of-bounds read (CVE-ID: CVE-2017-16414)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
18) Out-of-bounds read (CVE-ID: CVE-2017-16417)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
19) Out-of-bounds read (CVE-ID: CVE-2017-16418)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
20) Out-of-bounds read (CVE-ID: CVE-2017-16420)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
21) Out-of-bounds read (CVE-ID: CVE-2017-11293)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.
22) Buffer over-read (CVE-ID: CVE-2017-16363)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
23) Buffer over-read (CVE-ID: CVE-2017-16365)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
24) Buffer over-read (CVE-ID: CVE-2017-16374)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
25) Buffer over-read (CVE-ID: CVE-2017-16384)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
26) Buffer over-read (CVE-ID: CVE-2017-16386)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
27) Buffer over-read (CVE-ID: CVE-2017-16387)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.
28) Security restrictions bypass (CVE-ID: CVE-2017-16369)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to improper access control. A remote attacker can bypass security restrictions and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
29) Use-after-free error (CVE-ID: CVE-2017-16360)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
30) Use-after-free error (CVE-ID: CVE-2017-16388)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
31) Use-after-free error (CVE-ID: CVE-2017-16389)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
32) Use-after-free error (CVE-ID: CVE-2017-16390)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
33) Use-after-free error (CVE-ID: CVE-2017-16393)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
34) Use-after-free error (CVE-ID: CVE-2017-16398)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
35) Access of uninitialized pointer (CVE-ID: CVE-2017-16377)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
36) Access of uninitialized pointer (CVE-ID: CVE-2017-16378)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
37) Buffer access with incorrect length value (CVE-ID: CVE-2017-16381)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
38) Buffer access with incorrect length value (CVE-ID: CVE-2017-16385)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
39) Buffer access with incorrect length value (CVE-ID: CVE-2017-16392)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
40) Buffer access with incorrect length value (CVE-ID: CVE-2017-16395)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
41) Buffer access with incorrect length value (CVE-ID: CVE-2017-16396)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
42) Memory corruption (CVE-ID: CVE-2017-16368)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow or underflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
43) Heap-based buffer overflow (CVE-ID: CVE-2017-16383)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
44) Improper validation of array index (CVE-ID: CVE-2017-16391)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
45) Improper validation of array index (CVE-ID: CVE-2017-16410)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
46) Out-of-bounds write (CVE-ID: CVE-2017-16407)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
47) Out-of-bounds write (CVE-ID: CVE-2017-16413)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
48) Out-of-bounds write (CVE-ID: CVE-2017-16415)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
49) Out-of-bounds write (CVE-ID: CVE-2017-16416)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
50) Security restrictions bypass (CVE-ID: CVE-2017-16380)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
51) Type confusion (CVE-ID: CVE-2017-16367)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
52) Type confusion (CVE-ID: CVE-2017-16379)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
53) Type confusion (CVE-ID: CVE-2017-16406)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
54) Untrusted pointer dereference (CVE-ID: CVE-2017-16364)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
55) Untrusted pointer dereference (CVE-ID: CVE-2017-16371)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
56) Untrusted pointer dereference (CVE-ID: CVE-2017-16372)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
57) Untrusted pointer dereference (CVE-ID: CVE-2017-16373)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
58) Untrusted pointer dereference (CVE-ID: CVE-2017-16375)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
59) Untrusted pointer dereference (CVE-ID: CVE-2017-16411)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
60) Resource exhaustion (CVE-ID: CVE-2017-16419)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to stack exhaustion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger excessive resource consumption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
61) Security restrictions bypass (CVE-ID: CVE-2017-16361)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to improper access control. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct a drive-by-download attack.
Remediation
Install the update from the vendor's website.