Main Vulnerability Database Vulnerabilities #VU4132

Security bypass in Adobe Acrobat and Adobe Reader - CVE-2017-2947

Published: January 10, 2017

Vulnerability identifier: #VU4132

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-2947

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Adobe Acrobat
Adobe Reader

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to unspecified error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass certain security restrictions.

Successful exploitation of the vulnerability may lead to sensitive information disclosure.

How to mitigate CVE-2017-2947

Install the latest version of Adobe Reader and Acrobat:

Acrobat DC Continuous 15.023.20053
Acrobat Reader DC Continuous 15.023.20053
Acrobat DC Classic 15.006.30279
Acrobat Reader DC Classic 15.006.30279
Acrobat XI 11.0.19
Reader XI 11.0.19

Sources

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Security bypass in Adobe Acrobat and Adobe Reader - CVE-2017-2947

Detailed vulnerability description

How to mitigate CVE-2017-2947

Sources

Please verify you're human