Heap Overflow Vulnerability in Adobe Acrobat and Reader
CVE-2017-11308

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Acrobat And Reader 2017.012.20098 And Earlier Versions, 2017.011.30066 And Earlier Versions, 2015.006.30355 And Earlier Versions, 11.0.22 And Earlier Versions
Vendor: CVE Published:; 19 May 2018

Summary

A vulnerability exists in Adobe Acrobat and Reader that allows for a heap overflow. This exploitable flaw could enable an attacker to execute arbitrary code within the context of the current user. Affected versions include Adobe Acrobat 2017.012.20098 and earlier, 2017.011.30066 and earlier, and others up to version 11.0.22. Users should update their applications to mitigate potential security threats.

Affected Version(s)

Adobe Acrobat and Reader 2017.012.20098 and earlier , 2017.011.30066 and earlier , 2015.006.30355 and earlier , 11.0.22 and earlier Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions

References

https://helpx.adobe.com/security/products/acrobat/apsb17-...

x_refsource_MISC

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 19, 2018
Vulnerability Reserved
Jul 13, 2017