DLL Hijacking Vulnerability in Adobe Acrobat Reader
CVE-2017-3013

7.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Acrobat Reader 11.0.19 And Earlier, 15.006.30280 And Earlier, 15.023.20070 And Earlier.
Vendor
CVE Published:
12 April 2017

Summary

Adobe Acrobat Reader contains a vulnerability that allows for insecure library loading, specifically related to remote logging functionalities. This flaw occurs in versions 11.0.19 and earlier, as well as in early releases of version 15.x, enabling malicious libraries to be loaded under certain conditions. Attackers can exploit this vulnerability to execute unauthorized code, posing significant risks to users who utilize these affected versions.

Affected Version(s)

Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier. Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.

References

http://www.securitytracker.com/id/1038228
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97547
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/acrobat/apsb17-...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.