Lucene search

[email protected]CVE-2017-2964

HistoryJan 11, 2017 - 4:59 a.m.

CVE-2017-2964

2017-01-1104:59:00

CWE-119

[email protected]

web.nvd.nist.gov

adobe

acrobat reader

memory corruption

vulnerability

cve-2017-2964

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.421 Medium

EPSS

Percentile

97.3%

JSON

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.

CPENameOperatorVersion
adobe:acrobatadobe acrobatle11.0.18
adobe:acrobat_dcadobe acrobat dcle15.006.30244
adobe:acrobat_dcadobe acrobat dcle15.020.20042
adobe:acrobat_reader_dcadobe acrobat reader dcle15.006.30244
adobe:acrobat_reader_dcadobe acrobat reader dcle15.020.20042
adobe:readeradobe readerle11.0.18

CPE	Name	Operator	Version
adobe:acrobat	adobe acrobat	le	11.0.18
adobe:acrobat_dc	adobe acrobat dc	le	15.006.30244
adobe:acrobat_dc	adobe acrobat dc	le	15.020.20042
adobe:acrobat_reader_dc	adobe acrobat reader dc	le	15.006.30244
adobe:acrobat_reader_dc	adobe acrobat reader dc	le	15.020.20042
adobe:reader	adobe reader	le	11.0.18