| Vulnerability Name: | CVE-2017-16399 (CCN-134761) | ||||||||||||
| Assigned: | 2017-11-14 | ||||||||||||
| Published: | 2017-11-14 | ||||||||||||
| Updated: | 2017-12-15 | ||||||||||||
| Summary: | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-125 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-16399 Source: BID Type: Third Party Advisory, VDB Entry 102140 Source: CCN Type: BID-102140 Adobe Reader and Acrobat Out-of-bounds Read Multiple Remote Code Execution Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1039791 Source: XF Type: UNKNOWN adobe-reader-cve201716399-code-exec(134761) Source: CCN Type: Adobe Security Bulletin APSB17-36 Security Updates Available for Adobe Acrobat and Reader Source: CONFIRM Type: Vendor Advisory https://helpx.adobe.com/security/products/acrobat/apsb17-36.html | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||