Use After Free Vulnerability in Adobe Acrobat and Reader
CVE-2017-16388

8.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Acrobat Reader 2017.012.20098 And Earlier Versions, 2017.011.30066 And Earlier Versions, 2015.006.30355 And Earlier Versions, 11.0.22 And Earlier Versions
Vendor
CVE Published:
9 December 2017

Summary

A vulnerability in Adobe Acrobat and Reader allows for unintended memory access through the JavaScript API engine due to a use after free condition. This occurs when there is an object mismatch between old and new instances, potentially allowing attackers to exploit the flaw to execute arbitrary code, corrupt data, or leak sensitive information. Systems running affected versions are at risk; thus, timely updates and security measures are strongly advised.

Affected Version(s)

Adobe Acrobat Reader 2017.012.20098 and earlier , 2017.011.30066 and earlier , 2015.006.30355 and earlier , 11.0.22 and earlier Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions

References

http://www.securityfocus.com/bid/101818
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039791
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/acrobat/apsb17-...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.