Multiple vulnerabilities in Adobe Reader and Acrobat

1) Out-of-bounds read

EUVDB-ID: #VU9202

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16362

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU9203

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16370

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU9204

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16376

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU9205

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16382

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU9206

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16394

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU9207

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16397

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU9208

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16399

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU9209

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16400

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU9210

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16401

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU9211

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16402

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU9212

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16403

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU9213

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16404

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU9214

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16405

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU9215

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16408

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU9216

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16409

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU9217

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16412

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU9218

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16414

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU9219

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16417

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU9220

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16418

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU9221

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16420

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU9222

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11293

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer over-read

EUVDB-ID: #VU9223

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16363

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU9224

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16365

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer over-read

EUVDB-ID: #VU9225

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16374

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer over-read

EUVDB-ID: #VU9226

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16384

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer over-read

EUVDB-ID: #VU9227

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16386

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer over-read

EUVDB-ID: #VU9228

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16387

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer over-read. A remote attacker can gain access to arbitrary data.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Security restrictions bypass

EUVDB-ID: #VU9229

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16369

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can bypass security restrictions and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free error

EUVDB-ID: #VU9230

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16360

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free error

EUVDB-ID: #VU9231

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free error

EUVDB-ID: #VU9232

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16389

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free error

EUVDB-ID: #VU9233

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16390

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free error

EUVDB-ID: #VU9234

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16393

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free error

EUVDB-ID: #VU9235

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16398

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Access of uninitialized pointer

EUVDB-ID: #VU9236

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16377

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Access of uninitialized pointer

EUVDB-ID: #VU9237

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16378

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of uninitialized pointer. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer access with incorrect length value

EUVDB-ID: #VU9238

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16381

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Buffer access with incorrect length value

EUVDB-ID: #VU9239

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16385

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer access with incorrect length value

EUVDB-ID: #VU9240

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16392

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer access with incorrect length value

EUVDB-ID: #VU9241

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16395

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer access with incorrect length value

EUVDB-ID: #VU9242

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16396

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer access with incorrect length value. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory corruption

EUVDB-ID: #VU9243

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16368

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow or underflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Heap-based buffer overflow

EUVDB-ID: #VU9244

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16383

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper validation of array index

EUVDB-ID: #VU9245

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16391

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper validation of array index

EUVDB-ID: #VU9246

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16410

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of array index. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds write

EUVDB-ID: #VU9247

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16407

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds write

EUVDB-ID: #VU9248

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16413

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds write

EUVDB-ID: #VU9249

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16415

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds write

EUVDB-ID: #VU9250

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16416

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Security restrictions bypass

EUVDB-ID: #VU9251

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16380

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Type confusion

EUVDB-ID: #VU9252

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16367

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Type confusion

EUVDB-ID: #VU9253

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16379

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Type confusion

EUVDB-ID: #VU9254

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16406

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Untrusted pointer dereference

EUVDB-ID: #VU9255

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16364

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Untrusted pointer dereference

EUVDB-ID: #VU9256

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16371

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Untrusted pointer dereference

EUVDB-ID: #VU9257

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16372

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Untrusted pointer dereference

EUVDB-ID: #VU9258

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16373

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Untrusted pointer dereference

EUVDB-ID: #VU9259

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16375

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Untrusted pointer dereference

EUVDB-ID: #VU9260

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-16411

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource exhaustion

EUVDB-ID: #VU9261

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16419

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to stack exhaustion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger excessive resource consumption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Security restrictions bypass

EUVDB-ID: #VU9262

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16361

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper acesss control. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct drive-by-download attack.

Mitigation

Update Acrobat DC and Acrobat Reader DC 2017.x to version 2018.009.20044.
Update Acrobat 2017 and Acrobat Reader 2017 to version 2017.011.30068.
Update Acrobat DC and Acrobat Reader DC 2015.x to version 2015.006.30392.
Update Acrobat XI and Reader XI to version 11.0.23.

Vulnerable software versions

Adobe Reader: 11.0.0 - 2017.012.20098

Adobe Acrobat: 11.0.0 - 17.012.20098

CPE2.3

External links

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	High
Patch available	YES
Number of vulnerabilities	61
CVE-ID	CVE-2017-16362 CVE-2017-16370 CVE-2017-16376 CVE-2017-16382 CVE-2017-16394 CVE-2017-16397 CVE-2017-16399 CVE-2017-16400 CVE-2017-16401 CVE-2017-16402 CVE-2017-16403 CVE-2017-16404 CVE-2017-16405 CVE-2017-16408 CVE-2017-16409 CVE-2017-16412 CVE-2017-16414 CVE-2017-16417 CVE-2017-16418 CVE-2017-16420 CVE-2017-11293 CVE-2017-16363 CVE-2017-16365 CVE-2017-16374 CVE-2017-16384 CVE-2017-16386 CVE-2017-16387 CVE-2017-16369 CVE-2017-16360 CVE-2017-16388 CVE-2017-16389 CVE-2017-16390 CVE-2017-16393 CVE-2017-16398 CVE-2017-16377 CVE-2017-16378 CVE-2017-16381 CVE-2017-16385 CVE-2017-16392 CVE-2017-16395 CVE-2017-16396 CVE-2017-16368 CVE-2017-16383 CVE-2017-16391 CVE-2017-16410 CVE-2017-16407 CVE-2017-16413 CVE-2017-16415 CVE-2017-16416 CVE-2017-16380 CVE-2017-16367 CVE-2017-16379 CVE-2017-16406 CVE-2017-16364 CVE-2017-16371 CVE-2017-16372 CVE-2017-16373 CVE-2017-16375 CVE-2017-16411 CVE-2017-16419 CVE-2017-16361
CWE-ID	CWE-125 CWE-126 CWE-200 CWE-416 CWE-824 CWE-805 CWE-119 CWE-122 CWE-129 CWE-787 CWE-20 CWE-843 CWE-822 CWE-400 CWE-284
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications
Vendor	Adobe