CVE-2017-2967

EUVD-2017-12108
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.18
adobeacrobat_dc
𝑥
≤ 15.006.30244
adobeacrobat_dc
𝑥
≤ 15.020.20042
adobeacrobat_reader_dc
𝑥
≤ 15.006.30244
adobeacrobat_reader_dc
𝑥
≤ 15.020.20042
adobereader
𝑥
≤ 11.0.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95345
http://www.securitytracker.com/id/1037574
http://www.zerodayinitiative.com/advisories/ZDI-17-031
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
http://www.securityfocus.com/bid/95345
http://www.securitytracker.com/id/1037574
http://www.zerodayinitiative.com/advisories/ZDI-17-031
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html