CVE-2017-11256

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
adobeacrobat
11.0.0 ≤
𝑥
≤ 11.0.20
adobeacrobat
17.011.00000 ≤
𝑥
≤ 17.011.30066
adobeacrobat_dc
15.006.30060 ≤
𝑥
≤ 15.006.30306
adobeacrobat_dc
15.007.20033 ≤
𝑥
≤ 17.009.20058
adobeacrobat_reader
17.011.00000 ≤
𝑥
≤ 17.011.30066
adobeacrobat_reader_dc
15.006.30060 ≤
𝑥
≤ 15.006.30306
adobeacrobat_reader_dc
15.007.20033 ≤
𝑥
≤ 17.009.20058
adobereader
11.0.0 ≤
𝑥
≤ 11.0.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100182
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
http://www.securityfocus.com/bid/100182
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html