CVE-2017-16367

Опубликовано: 09 дек. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.

Ссылки

http://www.securityfocus.com/bid/101815
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039791
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Vendor Advisory
http://www.securityfocus.com/bid/101815
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039791
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

Версия до 11.0.22 (включая)

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.011.30066 (включая)

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Версия от - (включая) до 17.012.20098 (включая)

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

Версия от 15.0 (включая) до 15.006.30355 (включая)

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*

Версия до 11.0.22 (включая)

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.011.30066 (включая)

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

Версия от - (включая) до 17.012.20098 (включая)

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*

Версия от 15.0 (включая) до 15.006.30355 (включая)

EPSS

Процентиль: 92%

0.08675

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-704

Связанные уязвимости

GHSA-xvmr-xj68-h5hr