CVE-2017-3116

EUVD-2017-12257
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
11.0.0 ≤
𝑥
< 11.0.21
adobeacrobat_dc
15.000.0000 ≤
𝑥
< 15.006.30355
adobeacrobat_dc
17.000.0000 ≤
𝑥
≤ 17.011.30066
adobeacrobat_dc
17.000.0000 ≤
𝑥
< 17.012.20098
adobeacrobat_reader_dc
15.000.0000 ≤
𝑥
< 15.006.30355
adobeacrobat_reader_dc
17.000.0000 ≤
𝑥
< 17.011.30066
adobeacrobat_reader_dc
17.000.0000 ≤
𝑥
< 17.012.20098
adobereader
11.0.0 ≤
𝑥
< 11.0.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100179
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
http://www.securityfocus.com/bid/100179
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html