CVE-2017-2951

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-2951
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/bid/95343
http://www.securitytracker.com/id/1037574
http://www.zerodayinitiative.com/advisories/ZDI-17-022
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-01-11 04:59

Updated : 2023-12-10 12:01

NVD link : CVE-2017-2951

Mitre link : CVE-2017-2951

CVE.ORG link : CVE-2017-2951

JSON object : View

Products Affected

adobe

  • acrobat
  • acrobat_reader_dc
  • acrobat_dc
  • reader

microsoft

  • windows

apple

  • mac_os_x
CWE
CWE-416

Use After Free