CVE-2017-3034

EUVD-2017-12175
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.
Wrap or Wraparound
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.19
adobeacrobat_dc
𝑥
≤ 15.006.30280
adobeacrobat_dc
𝑥
≤ 15.023.20070
adobeacrobat_reader_dc
𝑥
≤ 15.006.30280
adobeacrobat_reader_dc
𝑥
≤ 15.023.20070
adobereader
𝑥
≤ 11.0.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97548
http://www.securitytracker.com/id/1038228
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
http://www.zerodayinitiative.com/advisories/ZDI-17-260/
http://www.securityfocus.com/bid/97548
http://www.securitytracker.com/id/1038228
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html