Use After Free Vulnerability in Adobe Acrobat and Reader
CVE-2017-16360
Key Information:
- Vendor
- Adobe
- Vendor
- CVE Published:
- 9 December 2017
Summary
A vulnerability in Adobe Acrobat and Reader manifests as a use after free flaw in the MakeAccessible plugin. This issue occurs when the software creates an internal data structure and results in discrepancies between the old and new object states. Consequently, an attacker may exploit this vulnerability to gain unintended access to memory, potentially resulting in code corruption, control flow hijacking, or information leakage. If successfully exploited, this could allow an attacker to execute arbitrary code within the application.
Affected Version(s)
Adobe Acrobat Reader 2017.012.20098 and earlier , 2017.011.30066 and earlier , 2015.006.30355 and earlier , 11.0.22 and earlier Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved