ID OPENVAS:1361412562310811343 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2019-05-17T00:00:00
Description
This host is installed with Adobe Acrobat
and is prone to multiple vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
#
# Adobe Acrobat Security Updates(apsb17-36)-Windows
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:adobe:acrobat";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.811343");
script_version("2019-05-17T13:14:58+0000");
script_cve_id("CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16360", "CVE-2017-16388",
"CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16393", "CVE-2017-16398",
"CVE-2017-16381", "CVE-2017-16385", "CVE-2017-16392", "CVE-2017-16395",
"CVE-2017-16396", "CVE-2017-16363", "CVE-2017-16365", "CVE-2017-16374",
"CVE-2017-16384", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16368",
"CVE-2017-16383", "CVE-2017-16391", "CVE-2017-16410", "CVE-2017-16362",
"CVE-2017-16370", "CVE-2017-16376", "CVE-2017-16382", "CVE-2017-16394",
"CVE-2017-16397", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401",
"CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405",
"CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16412", "CVE-2017-16414",
"CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16420", "CVE-2017-11293",
"CVE-2017-16407", "CVE-2017-16413", "CVE-2017-16415", "CVE-2017-16416",
"CVE-2017-16361", "CVE-2017-16366", "CVE-2017-16369", "CVE-2017-16380",
"CVE-2017-16419", "CVE-2017-16367", "CVE-2017-16379", "CVE-2017-16406",
"CVE-2017-16364", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373",
"CVE-2017-16375", "CVE-2017-16411", "CVE-2017-11307", "CVE-2017-11308",
"CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11306", "CVE-2017-11253");
script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,
101830, 101820, 101814, 101817, 101815, 101813);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)");
script_tag(name:"creation_date", value:"2017-11-16 11:56:52 +0530 (Thu, 16 Nov 2017)");
script_name("Adobe Acrobat Security Updates(apsb17-36)-Windows");
script_tag(name:"summary", value:"This host is installed with Adobe Acrobat
and is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to,
- Two access of uninitialized point vulnerabilities that could result in
remote could execution,
- Six use after free vulnerabilities that could result in remote code execution.
- Five buffer access with incorrect length value vulnerabilities that could
result in remote code execution.
- Six buffer over-read vulnerabilities that could result in remote code
execution.
- A buffer overflow vulnerability that could result in remote code execution.
- A heap overflow vulnerability that could result in remote code execution.
- Two improper validation of array index vulnerabilities that could result
in remote code execution.
- Multiple out-of-bounds read vulnerabilities that could result in remote code
execution.
- Four out-of-bounds write vulnerabilities that could result in remote code
execution.
- Two security bypass vulnerabilities that could result in drive-by-downloads.
- A security bypass vulnerability that could result in information disclosure.
- A security bypass vulnerability that could result in remote code execution.
- A stack exhaustion vulnerability that could result in excessive resource
consumption.
- Three type confusion vulnerabilities that could result in remote code
execution.
- Six untrusted pointer dereference vulnerabilities that could result in remote
code execution.
- For more details, refer the reference links mentioned.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to execute arbitrary code in the context of the application.
Failed attacks may cause a denial-of-service condition. Also attackers will be
able to gain access to potentially sensitive information, get excessive resource
consumption and get unintentional downloads of malicious software.");
script_tag(name:"affected", value:"Adobe Acrobat version 11.x before 11.0.23 on Windows.");
script_tag(name:"solution", value:"Upgrade to Adobe Acrobat version 11.0.23 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("General");
script_dependencies("secpod_adobe_prdts_detect_win.nasl");
script_mandatory_keys("Adobe/Acrobat/Win/Installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);
readerVer = infos['version'];
InstallPath = infos['location'];
if(version_in_range(version:readerVer, test_version:"11.0", test_version2:"11.0.22"))
{
report = report_fixed_ver(installed_version:readerVer, fixed_version:"11.0.23", install_path:InstallPath);
security_message(data:report);
exit(0);
}
{"id": "OPENVAS:1361412562310811343", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Acrobat Security Updates(apsb17-36)-Windows", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "published": "2017-11-16T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811343", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"], "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "lastseen": "2019-05-29T18:34:53", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB17-36"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0930", "CPAI-2017-0931", "CPAI-2017-0932", "CPAI-2017-0933", "CPAI-2017-0934", "CPAI-2017-0935", "CPAI-2017-0937", "CPAI-2017-0938", "CPAI-2017-0940", "CPAI-2017-0941", "CPAI-2017-0942", "CPAI-2017-0944", "CPAI-2017-0945", "CPAI-2017-0947", "CPAI-2017-0948", "CPAI-2017-0951", "CPAI-2017-0952", "CPAI-2017-0954", "CPAI-2017-0955", "CPAI-2017-0956", "CPAI-2017-0957", "CPAI-2017-0958", "CPAI-2017-0959", "CPAI-2017-0960", "CPAI-2017-0961", "CPAI-2017-0962", "CPAI-2017-0963", "CPAI-2017-0964", "CPAI-2017-0965", "CPAI-2017-0966", "CPAI-2017-0967", "CPAI-2017-0968", "CPAI-2017-0969", "CPAI-2017-0970", "CPAI-2017-0971", "CPAI-2017-0972", "CPAI-2017-0973", "CPAI-2017-0974", "CPAI-2017-0975", "CPAI-2017-0976", "CPAI-2017-0977", "CPAI-2017-0978", "CPAI-2017-0979", "CPAI-2017-0980", "CPAI-2017-0981", "CPAI-2017-0982", "CPAI-2017-0983", "CPAI-2017-0984", "CPAI-2017-0985", "CPAI-2017-0988", "CPAI-2017-0989", "CPAI-2017-0990", "CPAI-2017-0991", "CPAI-2017-0992", "CPAI-2017-0993", "CPAI-2017-0994", "CPAI-2017-0995", "CPAI-2018-0059"]}, {"type": "cve", "idList": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11253", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"]}, {"type": "kaspersky", "idList": ["KLA11138"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB17-36.NASL", "ADOBE_READER_APSB17-36.NASL", "MACOSX_ADOBE_ACROBAT_APSB17-36.NASL", "MACOSX_ADOBE_READER_APSB17-36.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811342", "OPENVAS:1361412562310811344", "OPENVAS:1361412562310811353", "OPENVAS:1361412562310812961", "OPENVAS:1361412562310812962", "OPENVAS:1361412562310812963", "OPENVAS:1361412562310812964", "OPENVAS:1361412562310812965", "OPENVAS:1361412562310812966", "OPENVAS:1361412562310812967", "OPENVAS:1361412562310812968", "OPENVAS:1361412562310812969", "OPENVAS:1361412562310812970"]}, {"type": "symantec", "idList": ["SMNTC-101820"]}, {"type": "talos", "idList": ["TALOS-2017-0356"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A301F14EC6B3344991D5A39F51329164"]}, {"type": "zdi", "idList": ["ZDI-17-1011", "ZDI-17-1012", "ZDI-17-1013", "ZDI-17-899", "ZDI-17-900", "ZDI-17-901", "ZDI-17-902", "ZDI-17-903", "ZDI-17-904", "ZDI-17-905", "ZDI-17-906", "ZDI-17-907", "ZDI-17-908", "ZDI-17-909", "ZDI-17-910", "ZDI-17-927", "ZDI-17-941", "ZDI-18-157", "ZDI-18-177", "ZDI-18-197", "ZDI-18-198", "ZDI-18-200", "ZDI-18-201", "ZDI-18-202", "ZDI-18-203", "ZDI-18-204", "ZDI-18-205", "ZDI-18-217"]}], "rev": 4}, "score": {"value": 8.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB17-36"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0059"]}, {"type": "cve", "idList": ["CVE-2017-11293", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"]}, {"type": "kaspersky", "idList": ["KLA11138"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB17-36.NASL", "ADOBE_READER_APSB17-36.NASL", "MACOSX_ADOBE_ACROBAT_APSB17-36.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811342", "OPENVAS:1361412562310811344", "OPENVAS:1361412562310811353"]}, {"type": "talos", "idList": ["TALOS-2017-0356"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A301F14EC6B3344991D5A39F51329164"]}, {"type": "zdi", "idList": ["ZDI-17-899", "ZDI-17-900", "ZDI-17-901", "ZDI-17-902", "ZDI-17-903", "ZDI-17-904", "ZDI-17-905", "ZDI-17-906", "ZDI-17-907", "ZDI-17-908", "ZDI-17-909", "ZDI-17-910", "ZDI-17-927", "ZDI-17-941"]}]}, "exploitation": null, "vulnersScore": 8.7}, "pluginID": "1361412562310811343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb17-36)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811343\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-16 11:56:52 +0530 (Thu, 16 Nov 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-36)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional downloads of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.23 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 11.0.23 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nreaderVer = infos['version'];\nInstallPath = infos['location'];\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.22\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.23\", install_path:InstallPath);\n security_message(data:report);\n exit(0);\n}\n", "naslFamily": "General", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"kaspersky": [{"lastseen": "2021-12-23T00:00:02", "description": "### *Detect date*:\n11/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service or bypass security restrictions.\n\n### *Affected products*:\nAdobe Reader XI 11.0.22 and earlier versions \nAdobe Acrobat XI 11.0.22 and earlier versions \nAdobe Acrobat 2017 2017.011.30066 and earlier versions \nAdobe Acrobat Reader 2017 2017.011.30066 and earlier versions \nAdobe Acrobat DC Classic 2015.006.30355 and earlier versions \nAdobe Acrobat DC Continuous 2017.012.20098 and earlier versions \nAdobe Acrobat Reader DC Classic 2015.006.30355 and earlier versions \nAdobe Acrobat Reader DC Continuous 2017.012.20098 and earlier versions\n\n### *Solution*:\nUpdate to the latest versions \n[Get Adobe Reader](<https://get.adobe.com/reader/?loc=ru>)\n\n### *Original advisories*:\n[Adobe Security Bulletin](<https://helpx.adobe.com/security/products/acrobat/apsb17-36.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader](<https://threats.kaspersky.com/en/product/Adobe-Reader/>)\n\n### *CVE-IDS*:\n[CVE-2017-16364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16364>)9.3Critical \n[CVE-2017-16371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16371>)9.3Critical \n[CVE-2017-16372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16372>)9.3Critical \n[CVE-2017-16373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16373>)9.3Critical \n[CVE-2017-16375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16375>)9.3Critical \n[CVE-2017-16411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16411>)9.3Critical \n[CVE-2017-16377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16377>)9.3Critical \n[CVE-2017-16378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16378>)9.3Critical \n[CVE-2017-16360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16360>)9.3Critical \n[CVE-2017-16388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16388>)9.3Critical \n[CVE-2017-16389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16389>)9.3Critical \n[CVE-2017-16390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16390>)9.3Critical \n[CVE-2017-16393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16393>)9.3Critical \n[CVE-2017-16398](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16398>)9.3Critical \n[CVE-2017-16381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16381>)9.3Critical \n[CVE-2017-16385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16385>)9.3Critical \n[CVE-2017-16392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16392>)9.3Critical \n[CVE-2017-16395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16395>)9.3Critical \n[CVE-2017-16396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16396>)9.3Critical \n[CVE-2017-16363](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16363>)9.3Critical \n[CVE-2017-16365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16365>)9.3Critical \n[CVE-2017-16374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16374>)9.3Critical \n[CVE-2017-16384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16384>)9.3Critical \n[CVE-2017-16386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16386>)9.3Critical \n[CVE-2017-16387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16387>)9.3Critical \n[CVE-2017-16368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16368>)9.3Critical \n[CVE-2017-16383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16383>)9.3Critical \n[CVE-2017-16391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16391>)9.3Critical \n[CVE-2017-16410](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16410>)9.3Critical \n[CVE-2017-16362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16362>)9.3Critical \n[CVE-2017-16370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16370>)9.3Critical \n[CVE-2017-16376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16376>)9.3Critical \n[CVE-2017-16382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16382>)9.3Critical \n[CVE-2017-16394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16394>)9.3Critical \n[CVE-2017-16397](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16397>)9.3Critical \n[CVE-2017-16399](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16399>)9.3Critical \n[CVE-2017-16400](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16400>)9.3Critical \n[CVE-2017-16401](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16401>)9.3Critical \n[CVE-2017-16402](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16402>)9.3Critical \n[CVE-2017-16403](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16403>)9.3Critical \n[CVE-2017-16404](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16404>)9.3Critical \n[CVE-2017-16405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16405>)9.3Critical \n[CVE-2017-16408](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16408>)9.3Critical \n[CVE-2017-16409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16409>)9.3Critical \n[CVE-2017-16412](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16412>)9.3Critical \n[CVE-2017-16414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16414>)9.3Critical \n[CVE-2017-16417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16417>)9.3Critical \n[CVE-2017-16418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16418>)9.3Critical \n[CVE-2017-16420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16420>)9.3Critical \n[CVE-2017-16407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16407>)9.3Critical \n[CVE-2017-16413](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16413>)9.3Critical \n[CVE-2017-16415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16415>)9.3Critical \n[CVE-2017-16416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16416>)9.3Critical \n[CVE-2017-16361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16361>)4.3Warning \n[CVE-2017-16366](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16366>)5.0Critical \n[CVE-2017-16369](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16369>)4.3Warning \n[CVE-2017-16380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16380>)9.3Critical \n[CVE-2017-16419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16419>)4.3Warning \n[CVE-2017-16367](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16367>)9.3Critical \n[CVE-2017-16379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16379>)9.3Critical \n[CVE-2017-16406](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16406>)9.3Critical\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "kaspersky", "title": "KLA11138 Multiple vulnerabilities in Adobe Acrobat&Reader", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2020-06-18T00:00:00", "id": "KLA11138", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11138/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:17:46", "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812970", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities-apsb17-36 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812970\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 13:02:47 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2017.012.20098 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC version\n 2018.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2018.009.20044 == 18.009.20044\nif(version_is_less(version:vers, test_version:\"18.009.20044\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"18.009.20044 (2018.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:06", "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310812961", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812961", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812961\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 11:59:24 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017.011.30066 and earlier\n versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30068 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30068 == 17.011.30068\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30067\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30068 (2017.011.30068)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:09", "description": "This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310812963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812963", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812963\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:10:24 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017.011.30066 and earlier\n versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30068 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30068 == 17.011.30068\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30067\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30068 (2017.011.30068)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:05", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "openvas", "title": "Adobe Reader Security Updates(apsb17-36)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310811342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb17-36)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811342\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n \"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n \"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n \"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n \"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n \"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n \"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n \"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n \"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n \"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n \"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n \"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n \"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n \"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n \"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n \"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-16 11:56:52 +0530 (Thu, 16 Nov 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-36)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional downloads of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.23 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 11.0.23 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nreaderVer = infos['version'];\nInstallPath = infos['location'];\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.22\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.23\", install_path:InstallPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:40", "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812968", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb17-36 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812968\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:52:14 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30355 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30392 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30392 == 15.006.30392\nif(version_is_less(version:vers, test_version:\"15.006.30392\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30392 (2015.006.30392)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:46", "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812967", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb17-36 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812967\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:23:24 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30355 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30392 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30392 == 15.006.30392\nif(version_is_less(version:vers, test_version:\"15.006.30392\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30392 (2015.006.30392)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:14", "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities (apsb17-36) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812969", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities-apsb17-36 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812969\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:57:24 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities (apsb17-36) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2017.012.20098 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC version\n 2018.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2018.009.20044 == 18.009.20044\nif(version_is_less(version:vers, test_version:\"18.009.20044\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"18.009.20044 (2018.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:24:49", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "openvas", "title": "Adobe Reader Security Updates(apsb17-36)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb17-36)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811353\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-16 11:56:52 +0530 (Thu, 16 Nov 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-36)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional downloads of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.23 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 11.0.23 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nreaderVer = infos['version'];\nInstallPath = infos['location'];\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.22\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.23\", install_path:InstallPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:04", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb17-36)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310811344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811344", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb17-36)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811344\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n \"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n \"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n \"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n \"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n \"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n \"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n \"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n \"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n \"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n \"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n \"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n \"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n \"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n \"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n \"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-16 11:56:52 +0530 (Thu, 16 Nov 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-36)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional downloads of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.23 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 11.0.23 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nreaderVer = infos['version'];\nInstallPath = infos['location'];\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.22\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.23\", install_path:InstallPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:00", "description": "This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310812964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812964", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812964\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:10:48 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017.011.30066 and earlier\n versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30068 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30068 == 17.011.30068\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30067\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30068 (2017.011.30068)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:54", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812966", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb17-36 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812966\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:41:02 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30355 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30392 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30392 == 15.006.30392\nif(version_is_less(version:vers, test_version:\"15.006.30392\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30392 (2015.006.30392)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:50", "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310812962", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812962", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812962\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:03:30 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat 2017 Multiple Vulnerabilities-apsb17-36 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017.011.30066 and earlier\n versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30068 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30068 == 17.011.30068\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30067\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30068 (2017.011.30068)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:42", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-03-06T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16367", "CVE-2017-16377", "CVE-2017-11308", "CVE-2017-16361", "CVE-2017-16378", "CVE-2017-16404", "CVE-2017-16409", "CVE-2017-11306", "CVE-2017-16418", "CVE-2017-16370", "CVE-2017-16413", "CVE-2017-16371", "CVE-2017-16376", "CVE-2017-16408", "CVE-2017-16407", "CVE-2017-16395", "CVE-2017-16387", "CVE-2017-16396", "CVE-2017-16398", "CVE-2017-16386", "CVE-2017-16420", "CVE-2017-11293", "CVE-2017-16363", "CVE-2017-16412", "CVE-2017-16364", "CVE-2017-16374", "CVE-2017-16394", "CVE-2017-16390", "CVE-2017-11240", "CVE-2017-16399", "CVE-2017-16381", "CVE-2017-16414", "CVE-2017-16393", "CVE-2017-16379", "CVE-2017-16410", "CVE-2017-16382", "CVE-2017-16400", "CVE-2017-16362", "CVE-2017-11307", "CVE-2017-11253", "CVE-2017-16368", "CVE-2017-16419", "CVE-2017-16365", "CVE-2017-16402", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16415", "CVE-2017-16403", "CVE-2017-16397", "CVE-2017-16417", "CVE-2017-16360", "CVE-2017-16416", "CVE-2017-16383", "CVE-2017-16369", "CVE-2017-16385", "CVE-2017-16384", "CVE-2017-16380", "CVE-2017-16401", "CVE-2017-16411", "CVE-2017-11250", "CVE-2017-16391", "CVE-2017-16389", "CVE-2017-16375", "CVE-2017-16388", "CVE-2017-16392", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16366"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812965", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb17-36 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812965\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-16377\", \"CVE-2017-16378\", \"CVE-2017-16360\", \"CVE-2017-16388\",\n\t\t\"CVE-2017-16389\", \"CVE-2017-16390\", \"CVE-2017-16393\", \"CVE-2017-16398\",\n\t\t\"CVE-2017-16381\", \"CVE-2017-16385\", \"CVE-2017-16392\", \"CVE-2017-16395\",\n\t\t\"CVE-2017-16396\", \"CVE-2017-16363\", \"CVE-2017-16365\", \"CVE-2017-16374\",\n\t\t\"CVE-2017-16384\", \"CVE-2017-16386\", \"CVE-2017-16387\", \"CVE-2017-16368\",\n\t\t\"CVE-2017-16383\", \"CVE-2017-16391\", \"CVE-2017-16410\", \"CVE-2017-16362\",\n\t\t\"CVE-2017-16370\", \"CVE-2017-16376\", \"CVE-2017-16382\", \"CVE-2017-16394\",\n\t\t\"CVE-2017-16397\", \"CVE-2017-16399\", \"CVE-2017-16400\", \"CVE-2017-16401\",\n\t\t\"CVE-2017-16402\", \"CVE-2017-16403\", \"CVE-2017-16404\", \"CVE-2017-16405\",\n\t\t\"CVE-2017-16408\", \"CVE-2017-16409\", \"CVE-2017-16412\", \"CVE-2017-16414\",\n\t\t\"CVE-2017-16417\", \"CVE-2017-16418\", \"CVE-2017-16420\", \"CVE-2017-11293\",\n\t\t\"CVE-2017-16407\", \"CVE-2017-16413\", \"CVE-2017-16415\", \"CVE-2017-16416\",\n\t\t\"CVE-2017-16361\", \"CVE-2017-16366\", \"CVE-2017-16369\", \"CVE-2017-16380\",\n\t\t\"CVE-2017-16419\", \"CVE-2017-16367\", \"CVE-2017-16379\", \"CVE-2017-16406\",\n\t\t\"CVE-2017-16364\", \"CVE-2017-16371\", \"CVE-2017-16372\", \"CVE-2017-16373\",\n\t\t\"CVE-2017-16375\", \"CVE-2017-16411\", \"CVE-2017-11307\", \"CVE-2017-11308\",\n \"CVE-2017-11240\", \"CVE-2017-11250\", \"CVE-2017-11306\", \"CVE-2017-11253\");\n script_bugtraq_id(101821, 101818, 101831, 101824, 101816, 101823, 101819, 101812,\n 101830, 101820, 101814, 101817, 101815, 101813);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 12:23:24 +0530 (Tue, 06 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities (apsb17-36) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Two access of uninitialized point vulnerabilities that could result in\n remote could execution,\n\n - Six use after free vulnerabilities that could result in remote code execution.\n\n - Five buffer access with incorrect length value vulnerabilities that could\n result in remote code execution.\n\n - Six buffer over-read vulnerabilities that could result in remote code\n execution.\n\n - A buffer overflow vulnerability that could result in remote code execution.\n\n - A heap overflow vulnerability that could result in remote code execution.\n\n - Two improper validation of array index vulnerabilities that could result\n in remote code execution.\n\n - Multiple out-of-bounds read vulnerabilities that could result in remote code\n execution.\n\n - Four out-of-bounds write vulnerabilities that could result in remote code\n execution.\n\n - Two security bypass vulnerabilities that could result in drive-by-downloads.\n\n - A security bypass vulnerability that could result in information disclosure.\n\n - A security bypass vulnerability that could result in remote code execution.\n\n - A stack exhaustion vulnerability that could result in excessive resource\n consumption.\n\n - Three type confusion vulnerabilities that could result in remote code\n execution.\n\n - Six untrusted pointer dereference vulnerabilities that could result in remote\n code execution.\n\n - For more details, refer the reference links mentioned.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code in the context of the application.\n Failed attacks may cause a denial-of-service condition. Also attackers will be\n able to gain access to potentially sensitive information, get excessive resource\n consumption and get unintentional download of malicious software.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30355 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30392 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30392 == 15.006.30392\nif(version_is_less(version:vers, test_version:\"15.006.30392\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30392 (2015.006.30392)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2021-09-30T17:39:51", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address [critical]() vulnerabilities that could potentially allow an attacker to take control of the affected system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "adobe", "title": "APSB17-36 Security updates available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11253", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2017-11-14T00:00:00", "id": "APSB17-36", "href": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-27T16:09:47", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068, or 2018.009.20044. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2021-11-18T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB17-36.NASL", "href": "https://www.tenable.com/plugins/nessus/104627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104627);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/18\");\n\n script_cve_id(\n \"CVE-2017-11240\",\n \"CVE-2017-11250\",\n \"CVE-2017-11293\",\n \"CVE-2017-11306\",\n \"CVE-2017-11307\",\n \"CVE-2017-11308\",\n \"CVE-2017-16360\",\n \"CVE-2017-16361\",\n \"CVE-2017-16362\",\n \"CVE-2017-16363\",\n \"CVE-2017-16364\",\n \"CVE-2017-16365\",\n \"CVE-2017-16366\",\n \"CVE-2017-16367\",\n \"CVE-2017-16368\",\n \"CVE-2017-16369\",\n \"CVE-2017-16370\",\n \"CVE-2017-16371\",\n \"CVE-2017-16372\",\n \"CVE-2017-16373\",\n \"CVE-2017-16374\",\n \"CVE-2017-16375\",\n \"CVE-2017-16376\",\n \"CVE-2017-16377\",\n \"CVE-2017-16378\",\n \"CVE-2017-16379\",\n \"CVE-2017-16380\",\n \"CVE-2017-16381\",\n \"CVE-2017-16382\",\n \"CVE-2017-16383\",\n \"CVE-2017-16384\",\n \"CVE-2017-16385\",\n \"CVE-2017-16386\",\n \"CVE-2017-16387\",\n \"CVE-2017-16388\",\n \"CVE-2017-16389\",\n \"CVE-2017-16390\",\n \"CVE-2017-16391\",\n \"CVE-2017-16392\",\n \"CVE-2017-16393\",\n \"CVE-2017-16394\",\n \"CVE-2017-16395\",\n \"CVE-2017-16396\",\n \"CVE-2017-16397\",\n \"CVE-2017-16398\",\n \"CVE-2017-16399\",\n \"CVE-2017-16400\",\n \"CVE-2017-16401\",\n \"CVE-2017-16402\",\n \"CVE-2017-16403\",\n \"CVE-2017-16404\",\n \"CVE-2017-16405\",\n \"CVE-2017-16406\",\n \"CVE-2017-16407\",\n \"CVE-2017-16408\",\n \"CVE-2017-16409\",\n \"CVE-2017-16410\",\n \"CVE-2017-16411\",\n \"CVE-2017-16412\",\n \"CVE-2017-16413\",\n \"CVE-2017-16414\",\n \"CVE-2017-16415\",\n \"CVE-2017-16416\",\n \"CVE-2017-16417\",\n \"CVE-2017-16418\",\n \"CVE-2017-16419\",\n \"CVE-2017-16420\"\n );\n script_bugtraq_id(\n 101812,\n 101813,\n 101814,\n 101815,\n 101816,\n 101817,\n 101818,\n 101819,\n 101820,\n 101821,\n 101823,\n 101824,\n 101830,\n 101831\n );\n\n script_name(english:\"Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior to 11.0.23, 2015.006.30392, 2017.011.30068,\nor 2018.009.20044. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068\n/ 2018.009.20044 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::adobe_reader::get_app_info();\nconstraints = [\n { \"min_version\" : \"11.0\", \"fixed_version\" : \"11.0.23\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30355\", \"fixed_version\" : \"15.6.30392\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.11.30066\", \"fixed_version\" : \"17.11.30068\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"17.12.20098\", \"fixed_version\" : \"18.9.20044\"}\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:09:21", "description": "The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068, or 2018.009.20044. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-17T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2021-11-18T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB17-36.NASL", "href": "https://www.tenable.com/plugins/nessus/104671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104671);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/18\");\n\n script_cve_id(\n \"CVE-2017-11240\",\n \"CVE-2017-11250\",\n \"CVE-2017-11293\",\n \"CVE-2017-11306\",\n \"CVE-2017-11307\",\n \"CVE-2017-11308\",\n \"CVE-2017-16360\",\n \"CVE-2017-16361\",\n \"CVE-2017-16362\",\n \"CVE-2017-16363\",\n \"CVE-2017-16364\",\n \"CVE-2017-16365\",\n \"CVE-2017-16366\",\n \"CVE-2017-16367\",\n \"CVE-2017-16368\",\n \"CVE-2017-16369\",\n \"CVE-2017-16370\",\n \"CVE-2017-16371\",\n \"CVE-2017-16372\",\n \"CVE-2017-16373\",\n \"CVE-2017-16374\",\n \"CVE-2017-16375\",\n \"CVE-2017-16376\",\n \"CVE-2017-16377\",\n \"CVE-2017-16378\",\n \"CVE-2017-16379\",\n \"CVE-2017-16380\",\n \"CVE-2017-16381\",\n \"CVE-2017-16382\",\n \"CVE-2017-16383\",\n \"CVE-2017-16384\",\n \"CVE-2017-16385\",\n \"CVE-2017-16386\",\n \"CVE-2017-16387\",\n \"CVE-2017-16388\",\n \"CVE-2017-16389\",\n \"CVE-2017-16390\",\n \"CVE-2017-16391\",\n \"CVE-2017-16392\",\n \"CVE-2017-16393\",\n \"CVE-2017-16394\",\n \"CVE-2017-16395\",\n \"CVE-2017-16396\",\n \"CVE-2017-16397\",\n \"CVE-2017-16398\",\n \"CVE-2017-16399\",\n \"CVE-2017-16400\",\n \"CVE-2017-16401\",\n \"CVE-2017-16402\",\n \"CVE-2017-16403\",\n \"CVE-2017-16404\",\n \"CVE-2017-16405\",\n \"CVE-2017-16406\",\n \"CVE-2017-16407\",\n \"CVE-2017-16408\",\n \"CVE-2017-16409\",\n \"CVE-2017-16410\",\n \"CVE-2017-16411\",\n \"CVE-2017-16412\",\n \"CVE-2017-16413\",\n \"CVE-2017-16414\",\n \"CVE-2017-16415\",\n \"CVE-2017-16416\",\n \"CVE-2017-16417\",\n \"CVE-2017-16418\",\n \"CVE-2017-16419\",\n \"CVE-2017-16420\"\n );\n script_bugtraq_id(\n 101812,\n 101813,\n 101814,\n 101815,\n 101816,\n 101817,\n 101818,\n 101819,\n 101820,\n 101821,\n 101823,\n 101824,\n 101830,\n 101831\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068,\nor 2018.009.20044. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 11.0.23 / 2015.006.30392 / 2017.011.30068\n/ 2018.009.20044 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\n constraints = [\n { \"min_version\" : \"11\", \"fixed_version\" : \"11.0.23\" },\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.6.30392\" },\n { \"min_version\" : \"15.7\", \"fixed_version\" : \"18.9.20044\" },\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.11.30068\" }\n ];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:10:59", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068, or 2018.009.20044. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2021-11-18T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB17-36.NASL", "href": "https://www.tenable.com/plugins/nessus/104626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104626);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/18\");\n\n script_cve_id(\n \"CVE-2017-11240\",\n \"CVE-2017-11250\",\n \"CVE-2017-11293\",\n \"CVE-2017-11306\",\n \"CVE-2017-11307\",\n \"CVE-2017-11308\",\n \"CVE-2017-16360\",\n \"CVE-2017-16361\",\n \"CVE-2017-16362\",\n \"CVE-2017-16363\",\n \"CVE-2017-16364\",\n \"CVE-2017-16365\",\n \"CVE-2017-16366\",\n \"CVE-2017-16367\",\n \"CVE-2017-16368\",\n \"CVE-2017-16369\",\n \"CVE-2017-16370\",\n \"CVE-2017-16371\",\n \"CVE-2017-16372\",\n \"CVE-2017-16373\",\n \"CVE-2017-16374\",\n \"CVE-2017-16375\",\n \"CVE-2017-16376\",\n \"CVE-2017-16377\",\n \"CVE-2017-16378\",\n \"CVE-2017-16379\",\n \"CVE-2017-16380\",\n \"CVE-2017-16381\",\n \"CVE-2017-16382\",\n \"CVE-2017-16383\",\n \"CVE-2017-16384\",\n \"CVE-2017-16385\",\n \"CVE-2017-16386\",\n \"CVE-2017-16387\",\n \"CVE-2017-16388\",\n \"CVE-2017-16389\",\n \"CVE-2017-16390\",\n \"CVE-2017-16391\",\n \"CVE-2017-16392\",\n \"CVE-2017-16393\",\n \"CVE-2017-16394\",\n \"CVE-2017-16395\",\n \"CVE-2017-16396\",\n \"CVE-2017-16397\",\n \"CVE-2017-16398\",\n \"CVE-2017-16399\",\n \"CVE-2017-16400\",\n \"CVE-2017-16401\",\n \"CVE-2017-16402\",\n \"CVE-2017-16403\",\n \"CVE-2017-16404\",\n \"CVE-2017-16405\",\n \"CVE-2017-16406\",\n \"CVE-2017-16407\",\n \"CVE-2017-16408\",\n \"CVE-2017-16409\",\n \"CVE-2017-16410\",\n \"CVE-2017-16411\",\n \"CVE-2017-16412\",\n \"CVE-2017-16413\",\n \"CVE-2017-16414\",\n \"CVE-2017-16415\",\n \"CVE-2017-16416\",\n \"CVE-2017-16417\",\n \"CVE-2017-16418\",\n \"CVE-2017-16419\",\n \"CVE-2017-16420\"\n );\n script_bugtraq_id(\n 101812,\n 101813,\n 101814,\n 101815,\n 101816,\n 101817,\n 101818,\n 101819,\n 101820,\n 101821,\n 101823,\n 101824,\n 101830,\n 101831\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 11.0.23, 2015.006.30392, 2017.011.30068,\nor 2018.009.20044. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068\n/ 2018.009.20044 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\nconstraints = [\n { \"min_version\" : \"11.0\", \"fixed_version\" : \"11.0.23\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30355\", \"fixed_version\" : \"15.6.30392\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.11.30066\", \"fixed_version\" : \"17.11.30068\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"17.12.20098\", \"fixed_version\" : \"18.9.20044\"}\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:08:36", "description": "The version of Adobe Reader installed on the remote macOS or Mac OS X host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068, or 2018.009.20044. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-17T00:00:00", "type": "nessus", "title": "Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11240", "CVE-2017-11250", "CVE-2017-11293", "CVE-2017-11306", "CVE-2017-11307", "CVE-2017-11308", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420"], "modified": "2021-11-18T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB17-36.NASL", "href": "https://www.tenable.com/plugins/nessus/104672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104672);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/18\");\n\n script_cve_id(\n \"CVE-2017-11240\",\n \"CVE-2017-11250\",\n \"CVE-2017-11293\",\n \"CVE-2017-11306\",\n \"CVE-2017-11307\",\n \"CVE-2017-11308\",\n \"CVE-2017-16360\",\n \"CVE-2017-16361\",\n \"CVE-2017-16362\",\n \"CVE-2017-16363\",\n \"CVE-2017-16364\",\n \"CVE-2017-16365\",\n \"CVE-2017-16366\",\n \"CVE-2017-16367\",\n \"CVE-2017-16368\",\n \"CVE-2017-16369\",\n \"CVE-2017-16370\",\n \"CVE-2017-16371\",\n \"CVE-2017-16372\",\n \"CVE-2017-16373\",\n \"CVE-2017-16374\",\n \"CVE-2017-16375\",\n \"CVE-2017-16376\",\n \"CVE-2017-16377\",\n \"CVE-2017-16378\",\n \"CVE-2017-16379\",\n \"CVE-2017-16380\",\n \"CVE-2017-16381\",\n \"CVE-2017-16382\",\n \"CVE-2017-16383\",\n \"CVE-2017-16384\",\n \"CVE-2017-16385\",\n \"CVE-2017-16386\",\n \"CVE-2017-16387\",\n \"CVE-2017-16388\",\n \"CVE-2017-16389\",\n \"CVE-2017-16390\",\n \"CVE-2017-16391\",\n \"CVE-2017-16392\",\n \"CVE-2017-16393\",\n \"CVE-2017-16394\",\n \"CVE-2017-16395\",\n \"CVE-2017-16396\",\n \"CVE-2017-16397\",\n \"CVE-2017-16398\",\n \"CVE-2017-16399\",\n \"CVE-2017-16400\",\n \"CVE-2017-16401\",\n \"CVE-2017-16402\",\n \"CVE-2017-16403\",\n \"CVE-2017-16404\",\n \"CVE-2017-16405\",\n \"CVE-2017-16406\",\n \"CVE-2017-16407\",\n \"CVE-2017-16408\",\n \"CVE-2017-16409\",\n \"CVE-2017-16410\",\n \"CVE-2017-16411\",\n \"CVE-2017-16412\",\n \"CVE-2017-16413\",\n \"CVE-2017-16414\",\n \"CVE-2017-16415\",\n \"CVE-2017-16416\",\n \"CVE-2017-16417\",\n \"CVE-2017-16418\",\n \"CVE-2017-16419\",\n \"CVE-2017-16420\"\n );\n script_bugtraq_id(\n 101812,\n 101813,\n 101814,\n 101815,\n 101816,\n 101817,\n 101818,\n 101819,\n 101820,\n 101821,\n 101823,\n 101824,\n 101830,\n 101831\n );\n\n script_name(english:\"Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068,\nor 2018.009.20044. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-36.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068\n/ 2018.009.20044 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\nbase_dir = app_info['path'] - \"/Applications\";\ntrack = get_kb_item(\"MacOSX/Adobe_Reader\"+base_dir+\"/Track\");\n\nif (!isnull(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.11.30068\" }\n ];\n\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"11\", \"fixed_version\" : \"11.0.23\" },\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.6.30392\" },\n { \"min_version\" : \"15.7\", \"fixed_version\" : \"18.9.20044\" }\n ];\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2017-11-26T20:03:00", "description": "\n\nIt\u2019s that time of year again, when many will gather with their families, eat way too much, and catch those crazy Black Friday sales. I\u2019ve been seeing \u201cBlack Friday\u201d sales for almost two weeks now. Cyber Monday, which falls on the Monday after the U.S. Thanksgiving holiday, is probably going to be coupled with news of increased identity theft incidents.\n\nI\u2019ve said it before and I\u2019ll say it again: if you choose to skip Black Friday and wait for Cyber Monday, be on the lookout for great deals you learn about via email or social media (don\u2019t click the links!). Don\u2019t use free public Wi-Fi to make purchases; and make sure sites you visit are secure (HTTPS) and have a valid encryption certificate. If you\u2019re using your mobile phone, make sure you download apps from official app marketplaces or use a retailer\u2019s actual URL. I hope you all have a safe and Happy Thanksgiving!\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Adobe updates released on or before November 14, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [November 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB17-36 | CVE-2017-16360 | 29994 | \nAPSB17-36 | CVE-2017-16361 | 29999 | \nAPSB17-36 | CVE-2017-16362 | 30030 | \nAPSB17-36 | CVE-2017-16363 | 30023 | \nAPSB17-36 | CVE-2017-16364 | 30006 | \nAPSB17-36 | CVE-2017-16365 | 30027 | \nAPSB17-36 | CVE-2017-16366 | 30019 | \nAPSB17-36 | CVE-2017-16367 | 30014 | \nAPSB17-36 | CVE-2017-16368 | 30015 | \nAPSB17-36 | CVE-2017-16369 | *28924 | \nAPSB17-36 | CVE-2017-16370 | 29996 | \nAPSB17-36 | CVE-2017-16371 | 30001 | \nAPSB17-36 | CVE-2017-16372 | 30004 | \nAPSB17-36 | CVE-2017-16373 | 30039 | \nAPSB17-36 | CVE-2017-16374 | 30044 | \nAPSB17-36 | CVE-2017-16375 | 30043 | \nAPSB17-36 | CVE-2017-16376 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-36 | CVE-2017-16377 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-36 | CVE-2017-16378 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-36 | CVE-2017-16379 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-36 | CVE-2017-16380 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-36 | CVE-2017-16381 | *29639 | \nAPSB17-36 | CVE-2017-16382 | *29638 | \nAPSB17-36 | CVE-2017-16383 | *29637 | \nAPSB17-36 | CVE-2017-16384 | *29636 | \nAPSB17-36 | CVE-2017-16385 | *29635 | \nAPSB17-36 | CVE-2017-16386 | *29584 | \nAPSB17-36 | CVE-2017-16387 | *29484 | \nAPSB17-36 | CVE-2017-16388 | 30040 | \nAPSB17-36 | CVE-2017-16389 | 30041 | \nAPSB17-36 | CVE-2017-16390 | 29998 | \nAPSB17-36 | CVE-2017-16391 | 30003 | \nAPSB17-36 | CVE-2017-16392 | 30002 | \nAPSB17-36 | CVE-2017-16393 | 30005 | \nAPSB17-36 | CVE-2017-16394 | 30035 | \nAPSB17-36 | CVE-2017-16395 | 30037 | \nAPSB17-36 | CVE-2017-16396 | 30032 | \nAPSB17-36 | CVE-2017-16397 | 30000 | \nAPSB17-36 | CVE-2017-16398 | 29995 | \nAPSB17-36 | CVE-2017-16399 | 29997 | \nAPSB17-36 | CVE-2017-16400 | *29852 | \nAPSB17-36 | CVE-2017-16401 | *29851 | \nAPSB17-36 | CVE-2017-16402 | *29853 | \nAPSB17-36 | CVE-2017-16403 | *29833 | \nAPSB17-36 | CVE-2017-16404 | *29850 | \nAPSB17-36 | CVE-2017-16405 | 30038 | \nAPSB17-36 | CVE-2017-16406 | 30042 | \nAPSB17-36 | CVE-2017-16407 | 30045 | \nAPSB17-36 | CVE-2017-16408 | 30034 | \nAPSB17-36 | CVE-2017-16409 | 30036 | \nAPSB17-36 | CVE-2017-16410 | 30024 | \nAPSB17-36 | CVE-2017-16411 | 30021 | \nAPSB17-36 | CVE-2017-16412 | 30020 | \nAPSB17-36 | CVE-2017-16413 | 30018 | \nAPSB17-36 | CVE-2017-16414 | 30016 | \nAPSB17-36 | CVE-2017-16415 | 30025 | \nAPSB17-36 | CVE-2017-16416 | 30007 | \nAPSB17-36 | CVE-2017-16417 | 30013 | \nAPSB17-36 | CVE-2017-16418 | 30017 | \nAPSB17-36 | CVE-2017-16419 | 30022 | \nAPSB17-36 | CVE-2017-16420 | 30026 | \nAPSB17-36 | CVE-2017-11293 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-33 | CVE-2017-3112 | 30008 | \nAPSB17-33 | CVE-2017-3114 | 30009 | \nAPSB17-33 | CVE-2017-11213 | 30010 | \nAPSB17-33 | CVE-2017-11215 | 30011 | \nAPSB17-33 | CVE-2017-11225 | 30012 | \n \n \n\n**Zero-Day Filters**\n\nThere are no new zero-day filters in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-november-13-2017/>).", "cvss3": {}, "published": "2017-11-22T14:10:15", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of November 20, 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11213", "CVE-2017-11215", "CVE-2017-11225", "CVE-2017-11293", "CVE-2017-16360", "CVE-2017-16361", "CVE-2017-16362", "CVE-2017-16363", "CVE-2017-16364", "CVE-2017-16365", "CVE-2017-16366", "CVE-2017-16367", "CVE-2017-16368", "CVE-2017-16369", "CVE-2017-16370", "CVE-2017-16371", "CVE-2017-16372", "CVE-2017-16373", "CVE-2017-16374", "CVE-2017-16375", "CVE-2017-16376", "CVE-2017-16377", "CVE-2017-16378", "CVE-2017-16379", "CVE-2017-16380", "CVE-2017-16381", "CVE-2017-16382", "CVE-2017-16383", "CVE-2017-16384", "CVE-2017-16385", "CVE-2017-16386", "CVE-2017-16387", "CVE-2017-16388", "CVE-2017-16389", "CVE-2017-16390", "CVE-2017-16391", "CVE-2017-16392", "CVE-2017-16393", "CVE-2017-16394", "CVE-2017-16395", "CVE-2017-16396", "CVE-2017-16397", "CVE-2017-16398", "CVE-2017-16399", "CVE-2017-16400", "CVE-2017-16401", "CVE-2017-16402", "CVE-2017-16403", "CVE-2017-16404", "CVE-2017-16405", "CVE-2017-16406", "CVE-2017-16407", "CVE-2017-16408", "CVE-2017-16409", "CVE-2017-16410", "CVE-2017-16411", "CVE-2017-16412", "CVE-2017-16413", "CVE-2017-16414", "CVE-2017-16415", "CVE-2017-16416", "CVE-2017-16417", "CVE-2017-16418", "CVE-2017-16419", "CVE-2017-16420", "CVE-2017-3112", "CVE-2017-3114"], "modified": "2017-11-22T14:10:15", "id": "TRENDMICROBLOG:A301F14EC6B3344991D5A39F51329164", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-november-20-2017/", "cvss": {"score": 0.0, "vector": "NONE"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:32:13", "description": "A out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access sub-elements of an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitation could result in arbitrary code execution or sensitive data corruption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Write (APSB17-36: CVE-2017-16415)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16415"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0963", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:15", "description": "A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16390)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16390"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0955", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:30", "description": "A buffer over-read vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16365)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16365"], "modified": "2017-12-14T00:00:00", "id": "CPAI-2017-0990", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:56", "description": "A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16360)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16360"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0931", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:16", "description": "A Security Bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted FDF/XFDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16361)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16361"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0940", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-17T11:32:50", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted HTML file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16408)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16408"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0974", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:50", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16373)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16373"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0985", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:00", "description": "An integer overflow vulnerability exists in ImageConversion component of Adobe Acrobat. The vulnerability is due to improper parsing of EMF+ records in an EMF file, which leads to incorrect buffer allocation. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted EMF document.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-02-05T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat ImageConversion EMF Integer Overflow (CVE-2017-11308)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11308"], "modified": "2018-02-07T00:00:00", "id": "CPAI-2018-0059", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:56", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16372)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16372"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0983", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:47", "description": "A Security Bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16380)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16380"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0956", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:43", "description": "An Out-of-bounds read vulnerability exists in Adobe Reader. The vulnerability is due to an error in Adobe Reader while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16397)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16397"], "modified": "2018-05-29T00:00:00", "id": "CPAI-2017-0960", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:48", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16398)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16398"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0962", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:51", "description": "A type confusion overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to crafted PDF file which causes the program to access an object using an incompatible type when handling malformed content stream. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Type Confusion (APSB17-36: CVE-2017-16367)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16367"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0984", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:53", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16371)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16371"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0947", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:57", "description": "A buffer over-read vulnerability exists in the JPEG 2000 module. The vulnerability is due to an invalid JPEG 2000 input code stream leading to an invalid memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16374)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16374"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0933", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:42", "description": "A out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access sub-elements of an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted EMF+ file. Successful exploitation could result in arbitrary code execution or sensitive data corruption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Write (APSB17-36: CVE-2017-16416)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16416"], "modified": "2018-05-29T00:00:00", "id": "CPAI-2017-0979", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:45", "description": "A Out-of-bounds Read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the computation that writes data past the end of the intended buffer. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16404)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16404"], "modified": "2018-05-28T00:00:00", "id": "CPAI-2017-0958", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:22", "description": "An buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to lack of bounds checking when handling specially crafted JEPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16387)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16387"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0965", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:56", "description": "A Security bypass vulnerability exists in Adobe Acrobat and Reader. The vulnerability is in the way Internet Explorer handles embedded pdf files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16366)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16366"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0992", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-17T11:32:16", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16414)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16414"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0969", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:33:01", "description": "A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16389)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16389"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0959", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:53", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16400)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16400"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0964", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:19", "description": "A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16388)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16388"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0952", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:25", "description": "An Out-of-bounds Read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe Acrobat and Reader.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16401)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16401"], "modified": "2017-12-24T00:00:00", "id": "CPAI-2017-0975", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:30", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16362)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16362"], "modified": "2017-12-13T00:00:00", "id": "CPAI-2017-0945", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:49", "description": "A buffer over-read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to a buffer over-read in the module that handles character codes. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16363)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16363"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0942", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:47", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted HTML file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16411)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16411"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0972", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:49", "description": "A buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to lack of bounds checking when XPS2PDF conversion engine handling specially crafted JEPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted XPS file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16386)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16386"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0951", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:53", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16370)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16370"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0930", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:30", "description": "A out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitation could result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16417)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16417"], "modified": "2017-12-14T00:00:00", "id": "CPAI-2017-0978", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:47", "description": "An Out-of-bounds vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way of processing fpage files embedded within XPS document. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted XPS document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16399)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16399"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0977", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:47", "description": "A memory corruption vulnerability exists in Adobe Acrobat And Reader. The vulnerability is due to an error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker may exploit this vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to code corruption, control-flow hijack, or information leak attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16409)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16409"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0973", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:50", "description": "A buffer over-read vulnerability exists in the exif processing module for a PNG file (during XPS conversion). The vulnerability is due to an invalid input leads to an incorrect memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16384)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16384"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0937", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:54", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted Gif file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Improper Validation of Array Index (APSB17-36: CVE-2017-16410)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16410"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0938", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:19", "description": "A security bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a specially crafted HTML file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16369)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16369"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0980", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:31:47", "description": "A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way of processing TIFF files embedded within XPS document. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted XPS document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Access with Incorrect Length Value (APSB17-36: CVE-2017-16381)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16381"], "modified": "2018-03-04T00:00:00", "id": "CPAI-2017-0934", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:50", "description": "A buffer access vulnerability exists in Adobe Reader and Acrobat. The vulnerability is is caused by a buffer access with incorrect length value in TIFF parsing during XPS conversion. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted TIFF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Access with Incorrect Length Value (APSB17-36: CVE-2017-16385)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16385"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0944", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:13", "description": "A type confusion overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how Adobe Acrobat and Reader processes EMF files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Type Confusion (APSB17-36: CVE-2017-16406)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16406"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0976", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:23", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16364)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16364"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0981", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:12", "description": "An out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the computation that writes data past the end of the intended buffer that is part of EMF handling of EMR_BITBLT record. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Write (APSB17-36: CVE-2017-16407)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16407"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0991", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:53", "description": "A stack buffer overflow vulnerability exists in Adobe Reader and Acrobat. This vulnerability is due to improper handling of unicode strings. Successful exploitation could lead to arbitrary code execution in the target user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Overflow / Underflow (APSB17-36: CVE-2017-16368)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16368"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0988", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:44", "description": "A heap buffer overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in Adobe Reader while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Heap Overflow (APSB17-36: CVE-2017-16383)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16383"], "modified": "2018-05-28T00:00:00", "id": "CPAI-2017-0941", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:54", "description": "An Out-of-bounds Read vulnerability exists in Adobe Reader and Acrobat. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16405)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16405"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0966", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:23", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to improper validation of embedded TIFF images in a XPS file. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or a maliciously crafted XPS file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16382)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16382"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0935", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:13", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted HTML document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16394)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16394"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0954", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:19", "description": "An out-of-bounds read vulnerability exists in the XPS component of Adobe Acrobat. The vulnerability is due to improper handling of embedded JPEG images in an XPS document. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XPS document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16412)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16412"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0971", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T15:42:50", "description": "A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16375)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16375"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0982", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:18", "description": "A out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitation could result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16420)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16420"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0995", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:21", "description": "A stack exhaustion vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to incorrect control of the amount of recursion that can happen. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitation could result in excessive resource consumption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader StackExhaustion (APSB17-36: CVE-2017-16419)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16419"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0993", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-17T11:31:47", "description": "A out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted XML/XPS file. Successful exploitation could result in sensitive data Exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16418)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16418"], "modified": "2018-03-04T00:00:00", "id": "CPAI-2017-0994", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:19", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted EMF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16403)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16403"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0968", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:18", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while calculate an array index. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Improper Validation of Array Index (APSB17-36: CVE-2017-16391)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16391"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0989", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:14", "description": "A remote code execution vulnerability exists in Adobe Reader. The vulnerability is due to a use-after-free error in Adobe Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file with an affected version of Adobe Reader.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16393)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16393"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0948", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:55", "description": "A buffer access with incorrect length value vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a buffer access with incorrect length value in the JPEG processing module. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted JPEG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Access with Incorrect Length Value (APSB17-36: CVE-2017-16392)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16392"], "modified": "2018-01-11T00:00:00", "id": "CPAI-2017-0967", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:16", "description": "An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16402)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16402"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0961", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:59", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory in a specially crafted TIFF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Write (APSB17-36: CVE-2017-16413)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16413"], "modified": "2018-01-03T00:00:00", "id": "CPAI-2017-0970", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:37", "description": "An buffer overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a buffer access with incorrect length value in the TIFF processing module. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted TIFF document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Access with Incorrect Length Value (APSB17-36: CVE-2017-16396)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16396"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-0932", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:16", "description": "A buffer overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a buffer access with incorrect length value in the image conversion module. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted EMF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Access with Incorrect Length Value (APSB17-36: CVE-2017-16395)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16395"], "modified": "2017-11-14T00:00:00", "id": "CPAI-2017-0957", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T14:40:21", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16390", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16390"], "modified": "2017-12-15T15:12:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16390", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:56", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16379", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16379"], "modified": "2017-12-15T13:56:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16379", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16379", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:32", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16415", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16415"], "modified": "2017-12-15T18:05:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16415", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:26", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16365", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16365"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16365", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:17", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16361", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16361"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16361", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16361", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:17", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16360", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16360"], "modified": "2017-12-15T13:36:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16360", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16360", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:45", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16373", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16373"], "modified": "2017-12-15T15:16:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16373", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:08", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16408", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16408"], "modified": "2017-12-15T15:34:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16408", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16408", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:33:07", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11308", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11308"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11308", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11308", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:59", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16380", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16380"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16380", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16380", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:41", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16372", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16372"], "modified": "2017-12-15T14:52:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16372", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16372", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:32:51", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-11293", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11293"], "modified": "2017-12-22T19:56:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-11293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11293", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:30", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16367", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16367"], "modified": "2017-12-14T18:52:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16367", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:38", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16398", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16398"], "modified": "2017-12-15T15:25:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16398", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16398", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:35", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16397", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16397"], "modified": "2017-12-15T15:25:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16397", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16397", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:45", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16374", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16374"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16374", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:41", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16371", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16371"], "modified": "2017-12-15T14:52:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16371", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16371", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:28", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16366", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16366"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16366", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16366", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:15", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16389", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16389"], "modified": "2017-12-15T14:09:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16389", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:15", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16388", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16388"], "modified": "2017-12-15T14:09:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16388", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16388", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:12", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16387", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16387"], "modified": "2017-12-15T14:50:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16387", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:53", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16377", "cwe": ["CWE-824"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16377"], "modified": "2017-12-15T14:53:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16377", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:26", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16416", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16416"], "modified": "2017-12-15T18:05:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16416", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:22", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16414", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16414"], "modified": "2017-12-15T18:06:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16414", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16414", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:57", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16404", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16404"], "modified": "2017-12-15T15:40:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16404", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16404", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:44", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16400", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16400"], "modified": "2017-12-15T15:31:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16400", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:20", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16363", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16363"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16363", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16363", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:19", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16362", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16362"], "modified": "2017-12-14T18:56:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16362", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:10", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16386", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16386"], "modified": "2017-12-15T14:49:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16386", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:14", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16411", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16411"], "modified": "2017-12-15T16:12:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16411", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16411", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:47", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16401", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16401"], "modified": "2017-12-15T15:31:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:48", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11240", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11240"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11240", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:33:05", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11306", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11306"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11306", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11306", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:37", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16370", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16370"], "modified": "2017-12-15T14:51:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16370", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:35", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16369", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16369"], "modified": "2017-12-15T14:51:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16369", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:05", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16384", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16384"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16384", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16384", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:29", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16417", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16417"], "modified": "2017-12-15T16:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16417", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16417", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:11", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16410", "cwe": ["CWE-129"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16410"], "modified": "2017-12-15T18:06:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16410", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:11", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16409", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16409"], "modified": "2017-12-15T15:34:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16409", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16409", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:41", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16399", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16399"], "modified": "2017-12-15T15:30:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16399", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16399", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:07", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16385", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16385"], "modified": "2017-12-15T14:09:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16385", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16385", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:01", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16381", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16381"], "modified": "2017-12-15T13:57:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16381", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:05", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16406", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16406"], "modified": "2017-12-15T18:06:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16406", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16406", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:26", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16364", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16364"], "modified": "2017-12-14T18:57:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16364", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16364", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:05", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16407", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16407"], "modified": "2017-12-15T15:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16407", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:33", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16368", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16368"], "modified": "2017-12-15T13:55:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16368", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16368", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:04", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16383", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16383"], "modified": "2017-12-15T14:08:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:50", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16376", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16376"], "modified": "2017-12-15T14:52:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16376", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:01", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16405", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16405"], "modified": "2017-12-15T15:40:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16405", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16405", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:01", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16382", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16382"], "modified": "2017-12-15T14:46:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16382", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:54", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16378", "cwe": ["CWE-824"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16378"], "modified": "2017-12-15T14:54:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16378", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16378", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:28", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16394", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16394"], "modified": "2017-12-15T15:23:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16394", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16394", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:17", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16412", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16412"], "modified": "2017-12-15T16:15:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16412", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16412", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:49", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaSscript API engine. In this scenario, the JavaScript input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16375", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16375"], "modified": "2017-12-15T15:12:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16375", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:38", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16420", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16420"], "modified": "2017-12-14T18:44:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16420", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:36", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16419", "cwe": ["CWE-674"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16419"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16419", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:34", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16418", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16418"], "modified": "2017-12-15T16:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16418", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:32:00", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11250", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11250"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11250", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:58", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16403", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16403"], "modified": "2017-12-15T16:10:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16403", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16403", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:33:07", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11307", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11307"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11307", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:26", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16393", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16393"], "modified": "2017-12-15T15:21:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16393", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16393", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:20", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16391", "cwe": ["CWE-129"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16391"], "modified": "2017-12-15T15:20:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16391", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16391", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:32:03", "description": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2017-11253", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11253"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat_reader:11.0.22"], "id": "CVE-2017-11253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11253", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:25", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16392", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16392"], "modified": "2017-12-15T15:21:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16392", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16392", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:52", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16402", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16402"], "modified": "2017-12-15T15:32:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16402", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16402", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:41:20", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16413", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16413"], "modified": "2017-12-15T16:15:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16413", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16413", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:38", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16396", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16396"], "modified": "2017-12-15T15:23:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16396", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16396", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:40:32", "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-09T06:29:00", "type": "cve", "title": "CVE-2017-16395", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16395"], "modified": "2017-12-15T15:23:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30355", "cpe:/a:adobe:acrobat_dc:15.006.30355", "cpe:/a:adobe:acrobat:11.0.22", "cpe:/a:adobe:acrobat:17.011.30066", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098", "cpe:/a:adobe:acrobat_reader:17.011.30066", "cpe:/a:adobe:acrobat_reader:11.0.22", "cpe:/a:adobe:acrobat_dc:17.012.20098"], "id": "CVE-2017-16395", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16395", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.011.30066:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30355:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.012.20098:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30066:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2022-01-31T21:26:18", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images embedded inside EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-03-07T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11308"], "modified": "2018-03-07T00:00:00", "id": "ZDI-17-1013", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-1013/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:29", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMR_STRETCHDIBITS structures within EMF files. When parsing the cySrc, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-23T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS cySrc Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16397"], "modified": "2018-02-23T00:00:00", "id": "ZDI-18-177", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-177/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:49", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded inside PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16387"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-899", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-899/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:42", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EmfPlusObject objects in EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusObject Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16404"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-907", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-907/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:40", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ihdr structures in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Reader DC JPEG2000 ihdr Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16400"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-909", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-909/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:47", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the APP13 marker in JPEG images embedded inside XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS JPEG APP13 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16386"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-902", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-902/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:26:16", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-03-06T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11240"], "modified": "2018-03-06T00:00:00", "id": "ZDI-17-1012", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-1012/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:41", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMR_COMMENT records in EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16401"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-908", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-908/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:15", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11306"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-201", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-201/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:18", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMR_EXTTEXTOUTA structures within EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_EXTTEXTOUTA Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16409"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-197", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-197/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:46", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the tEXT chunk in PNG images embedded inside XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS PNG tEXT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16384"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-901", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-901/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:24", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML to PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in bypassing the same origin policy. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-21T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16369"], "modified": "2017-11-21T00:00:00", "id": "ZDI-17-927", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-927/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:27:44", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PhotometricInterpretation in TIFF images embedded inside XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS TIFF PhotometricInterpretation Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16385"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-904", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-904/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:46", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dir chunks in TIFF images embedded inside XPS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS TIFF dir Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16381"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-903", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-903/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:15", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMR_COMMENT structures within EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16406"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-200", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-200/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:18", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images embedded inside EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16407"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-198", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-198/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:14", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images embedded inside EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16407"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-202", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-202/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:15", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF Forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16368"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-203", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-203/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:49", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the APP2 marker in JPEG images embedded inside XPS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS JPEG APP2 Parsing Heap-based Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16383"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-900", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-900/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:39", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside XPS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-12T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16383"], "modified": "2018-02-12T00:00:00", "id": "ZDI-18-157", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-157/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:44", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rational data in TIFF images embedded inside XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC XPS TIFF Rational Data Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16382"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-905", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-905/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:15", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMR_ALPHABLEND records in EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-01-10T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11250"], "modified": "2018-01-10T00:00:00", "id": "ZDI-17-941", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-941/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:43", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EmfPlusDrawBeziers objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16403"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-906", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-906/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:26:16", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images embedded inside EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-03-06T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11307"], "modified": "2018-03-06T00:00:00", "id": "ZDI-17-1011", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-1011/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:12", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11253"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-217", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-217/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:17", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16392"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-205", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-205/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:15", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16392"], "modified": "2018-02-27T00:00:00", "id": "ZDI-18-204", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-204/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:27:39", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QCC components in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "zdi", "title": "Adobe Reader DC JPEG2000 QCC Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16402"], "modified": "2017-11-14T00:00:00", "id": "ZDI-17-910", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-910/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talos": [{"lastseen": "2022-01-26T11:51:56", "description": "### Summary\n\nAn exploitable type confusion vulnerability exists in code responsible for parsing PDF documents with marked structure elements of Adobe Acrobat Reader DC 2017.009.20044. A specially crafted PDF file can trigger an out of bounds access on the heap potentially leading to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.\n\n### Tested Versions\n\nAdobe Acrobat Reader DC 2017.009.20044\n\n### Product URLs\n\n<https://get.adobe.com/reader/>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-843: Access of Resource Using Incompatible Type (\u2018Type Confusion\u2019)\n\n### Details\n\nAdobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.\n\nStructured content elements are used in marked PDF documents to represent document structure which can be used when processing the document for future use. Some of these elements can influence the presentation of the content stream being rendered to the screen for accessibility, linguistic or other practical purposes.\n\nThere exists a vulnerability in a way Acrobat Reader handles malformed content streams that have marked structure content elements attached to them. Specifically, when processing a content stream which refers to a non existing font, structure element with ActualText attribute specifying a Unicode encoded soft hyphen can cause a buffer for a structure to be allocated which is then used in part of the code that expects a pointer to a different, bigger, structure leading first to out of bounds access and then further heap corruption.\n\nPart of our proof of concept PDF file for this vulnerability is as follows: 6 0 obj \u00ab /Length 6975 \u00bb stream q BT 1 0 1 1 0 1 Tm /NonexistantFont 400 Tf /P \u00ab/MCID 0 \u00bbBDC (E)Tj EMC /TT1 400 Tf /P \u00ab/MCID 1 \u00bbBDC (A)Tj EMC ET endstream endobj\n \n \n 7 0 obj\n <<\n /Subtype /TrueType\n /BaseFont /Helvetica\n /Type /Font\n >>\n endobj\n \n \n 8 0 obj\n [10 0 R \n 11 0 R ]\n endobj\n \n \n \n \n 10 0 obj\n <<\n /ActualText <FEFF00AD>\n /S /Document\n >>\n endobj\n \n \n 11 0 obj\n <<\n /K 1\n /S /Document\n /Pg 4 0 R\n >>\n endobj\n \n\nAbove, in content stream in object 6, we see a `Tf` operator, which sends font and font size, referencing a non-existent font object. Then, we see two references to `MCID` numbered elements. These stand for Marked Content ID and refer to objects 10 and 11. When processing structured content, these structure elements are applied to the part of content stream they are part of. It should be pointed out that structure content element object 10 specifies `ActualText` key with unicode value of 0xfeff00ad (code for soft hyphen) which is to be used instead of the text rendered to the screen.\n\nIf we take a look with a debugger, we can see a memory area of size 0x18 being allocated:\n \n \n Breakpoint 0 hit\n eax=1f2b4fe8 ebx=1f26af18 ecx=00000018 edx=00000000 esi=0012e218 edi=0012e2ac\n eip=6023d75d esp=0012e1c0 ebp=0012e1d8 iopl=0 nv up ei pl nz na pe nc\n cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206\n AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x39d3d:\n 6023d75d 59 pop ecx\n 1:009> u eip-5\n AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x39d38:\n 6023d758 e8b7e7e0ff call AcroRd32_60000000!AcroWinMainSandbox+0x39b0 (6004bf14)\n 6023d75d 59 pop ecx\n 6023d75e 59 pop ecx\n 6023d75f 894718 mov dword ptr [edi+18h],eax\n 6023d762 ff7524 push dword ptr [ebp+24h]\n 6023d765 ff06 inc dword ptr [esi]\n 6023d767 ff7520 push dword ptr [ebp+20h]\n 6023d76a ff751c push dword ptr [ebp+1Ch]\n 1:009> d eax\n 1f2b4fe8 00000000 00000000 00000000 00000000\n 1f2b4ff8 00000000 00000000 ???????? ????????\n 1f2b5008 ???????? ???????? ???????? ????????\n 1f2b5018 ???????? ???????? ???????? ????????\n 1f2b5028 ???????? ???????? ???????? ????????\n 1f2b5038 ???????? ???????? ???????? ????????\n 1f2b5048 ???????? ???????? ???????? ????????\n 1f2b5058 ???????? ???????? ???????? ????????\n 1:009> !heap -p -a eax \n address 1f2b4fe8 found in\n _DPH_HEAP_ROOT @ 181000\n in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)\n 1f1722d8: 1f2b4fe8 18 - 1f2b4000 2000\n 11248e89 verifier!AVrfDebugPageHeapAllocate+0x00000229\n 77f8628e ntdll!RtlDebugAllocateHeap+0x00000030\n 77f4a6cb ntdll!RtlpAllocateHeap+0x000000c4\n 77f15d20 ntdll!RtlAllocateHeap+0x0000023a\n 03951c63 MSVCR120!_calloc_impl+0x00000045 [f:\\dd\\vctools\\crt\\crtw32\\heap\\calloc_impl.c @ 44]\n 0395d5fb MSVCR120!calloc+0x00000018 [f:\\dd\\vctools\\crt\\crtw32\\heap\\calloc.c @ 48]\n 6004bf26 AcroRd32_60000000!AcroWinMainSandbox+0x000039c2\n 6023d75d AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00039d3d\n 6023a7d7 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00036db7\n 6023a20a AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x000367ea\n 6023dbbf AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0003a19f\n 6022faca AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002c0aa\n 6022f4c7 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002baa7\n 6022f2e6 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002b8c6\n 6022b935 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00027f15\n 600aa498 AcroRd32_60000000!DllCanUnloadNow+0x0001b2fa\n 600a9dd2 AcroRd32_60000000!DllCanUnloadNow+0x0001ac34\n 600a9bb6 AcroRd32_60000000!DllCanUnloadNow+0x0001aa18\n 6004f94f AcroRd32_60000000!AcroWinMainSandbox+0x000073eb\n 77d2c4e7 USER32!InternalCallWinProc+0x00000023\n 77d2c5e7 USER32!UserCallWinProcCheckWow+0x0000014b\n 77d2cc19 USER32!DispatchMessageWorker+0x0000035e\n 77d2cc70 USER32!DispatchMessageW+0x0000000f\n 600a941f AcroRd32_60000000!DllCanUnloadNow+0x0001a281\n 600a922b AcroRd32_60000000!DllCanUnloadNow+0x0001a08d\n 60048e48 AcroRd32_60000000!AcroWinMainSandbox+0x000008e4\n 6004872e AcroRd32_60000000!AcroWinMainSandbox+0x000001ca\n 00407086 AcroRd32+0x00007086\n 004ecca1 AcroRd32!AcroRd32IsBrokerProcess+0x0008b5a1\n 77e2ee6c kernel32!BaseThreadInitThunk+0x0000000e\n 77f23a03 ntdll!__RtlUserThreadStart+0x00000070\n 77f239d6 ntdll!_RtlUserThreadStart+0x0000001b\n \n\nIn the above debugging output, we break after a call to `AcroRd32_60000000!AcroWinMainSandbox+0x39b0` which is basically a wrapper around `calloc`. After this allocation, the returned chunk is examined with `!heap -p -a eax` where we can see its user size is 0x18 bytes. If we continue the execution we can observe the following crash:\n \n \n (1274.1038): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n eax=1f2b4fe8 ebx=17476f90 ecx=0012e2ac edx=00000000 esi=0012e2ac edi=1f26af18\n eip=6059fc4f esp=0012e1b0 ebp=0012e1b0 iopl=0 nv up ei pl nz na pe nc\n cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206\n AcroRd32_60000000!AX_PDXlateToHostEx+0x2032e2:\n 6059fc4f 8b4820 mov ecx,dword ptr [eax+20h] ds:0023:1f2b5008=????????\n \n\nRegister `eax` holds a pointer to the previously allocated object, but the current instruction is trying to allocate a dword at offset 0x20 which is 8 bytes after the end of our buffer. This is clearly a read access violation that has crashed the process because of PageHeap, but if the out of bounds memory was readable, or another object was already there, the process could continue leading to further object misuse and further heap corruption which could be controlled to lead to arbitrary code execution.\n\nIf a correct font, instead of a non-existent one, was referenced in the content stream, execution takes a different route and a memory chunk of correct size (0x28 bytes) is allocated.\n\n### Crash Information\n \n \n (2628.1574): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Program Files\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.dll - \n eax=1f944fe8 ebx=1e696f90 ecx=0012e2ac edx=00000000 esi=0012e2ac edi=1f8faf18\n eip=6059fc4f esp=0012e1b0 ebp=0012e1b0 iopl=0 nv up ei pl nz na pe nc\n cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206\n AcroRd32_60000000!AX_PDXlateToHostEx+0x2032e2:\n 6059fc4f 8b4820 mov ecx,dword ptr [eax+20h] ds:0023:1f945008=????????\n 1:009>1:009> !heap -p -a eax \n address 1f944fe8 found in\n _DPH_HEAP_ROOT @ 19a1000\n in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)\n 1f8125b0: 1f944fe8 18 - 1f944000 2000\n 11248e89 verifier!AVrfDebugPageHeapAllocate+0x00000229\n 77f8628e ntdll!RtlDebugAllocateHeap+0x00000030\n 77f4a6cb ntdll!RtlpAllocateHeap+0x000000c4\n 77f15d20 ntdll!RtlAllocateHeap+0x0000023a\n 04131c63 MSVCR120!_calloc_impl+0x00000045 [f:\\dd\\vctools\\crt\\crtw32\\heap\\calloc_impl.c @ 44]\n 0413d5fb MSVCR120!calloc+0x00000018 [f:\\dd\\vctools\\crt\\crtw32\\heap\\calloc.c @ 48]\n 6004bf26 AcroRd32_60000000!AcroWinMainSandbox+0x000039c2\n 6023d75d AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00039d3d\n 6023a7d7 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00036db7\n 6023a20a AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x000367ea\n 6023dbbf AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0003a19f\n 6022faca AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002c0aa\n 6022f4c7 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002baa7\n 6022f2e6 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x0002b8c6\n 6022b935 AcroRd32_60000000!CTJPEGDecoderReadNextTile+0x00027f15\n 600aa498 AcroRd32_60000000!DllCanUnloadNow+0x0001b2fa\n 600a9dd2 AcroRd32_60000000!DllCanUnloadNow+0x0001ac34\n 600a9bb6 AcroRd32_60000000!DllCanUnloadNow+0x0001aa18\n 6004f94f AcroRd32_60000000!AcroWinMainSandbox+0x000073eb\n 77d2c4e7 USER32!InternalCallWinProc+0x00000023\n 77d2c5e7 USER32!UserCallWinProcCheckWow+0x0000014b\n 77d2cc19 USER32!DispatchMessageWorker+0x0000035e\n 77d2cc70 USER32!DispatchMessageW+0x0000000f\n 600a941f AcroRd32_60000000!DllCanUnloadNow+0x0001a281\n 600a922b AcroRd32_60000000!DllCanUnloadNow+0x0001a08d\n 60048e48 AcroRd32_60000000!AcroWinMainSandbox+0x000008e4\n 6004872e AcroRd32_60000000!AcroWinMainSandbox+0x000001ca\n 00407086 AcroRd32+0x00007086\n 004ecca1 AcroRd32!AcroRd32IsBrokerProcess+0x0008b5a1\n 77e2ee6c kernel32!BaseThreadInitThunk+0x0000000e\n 77f23a03 ntdll!__RtlUserThreadStart+0x00000070\n 77f239d6 ntdll!_RtlUserThreadStart+0x0000001b\n \n\n### Timeline\n\n2017-06-05 - Vendor Disclosure \n2017-11-14 - Public Release\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "talos", "title": "Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16367"], "modified": "2017-11-14T00:00:00", "id": "TALOS-2017-0356", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0356", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T18:45:47", "description": "### Description\n\nAdobe Acrobat and Reader are prone to an unspecified security-bypass vulnerability. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Adobe Acrobat 11.0 \n * Adobe Acrobat 11.0.0 \n * Adobe Acrobat 11.0.06 \n * Adobe Acrobat 11.0.07 \n * Adobe Acrobat 11.0.08 \n * Adobe Acrobat 11.0.09 \n * Adobe Acrobat 11.0.1 \n * Adobe Acrobat 11.0.10 \n * Adobe Acrobat 11.0.11 \n * Adobe Acrobat 11.0.12 \n * Adobe Acrobat 11.0.13 \n * Adobe Acrobat 11.0.14 \n * Adobe Acrobat 11.0.15 \n * Adobe Acrobat 11.0.16 \n * Adobe Acrobat 11.0.17 \n * Adobe Acrobat 11.0.18 \n * Adobe Acrobat 11.0.19 \n * Adobe Acrobat 11.0.2 \n * Adobe Acrobat 11.0.20 \n * Adobe Acrobat 11.0.21 \n * Adobe Acrobat 11.0.22 \n * Adobe Acrobat 11.0.3 \n * Adobe Acrobat 11.0.4 \n * Adobe Acrobat 11.0.6 \n * Adobe Acrobat 11.0.7 \n * Adobe Acrobat 11.0.9 \n * Adobe Acrobat 2017.008.30051 \n * Adobe Acrobat 2017.011.30059 \n * Adobe Acrobat 2017.011.30066 \n * Adobe Acrobat DC 15.006.30097 \n * Adobe Acrobat DC 15.006.30119 \n * Adobe Acrobat DC 15.006.30121 \n * Adobe Acrobat DC 15.006.30172 \n * Adobe Acrobat DC 15.006.30174 \n * Adobe Acrobat DC 15.006.30198 \n * Adobe Acrobat DC 15.006.30201 \n * Adobe Acrobat DC 15.006.30243 \n * Adobe Acrobat DC 15.006.30244 \n * Adobe Acrobat DC 15.006.30279 \n * Adobe Acrobat DC 15.006.30280 \n * Adobe Acrobat DC 15.009.20077 \n * Adobe Acrobat DC 15.010.20056 \n * Adobe Acrobat DC 15.010.20059 \n * Adobe Acrobat DC 15.010.20060 \n * Adobe Acrobat DC 15.016.20039 \n * Adobe Acrobat DC 15.016.20045 \n * Adobe Acrobat DC 15.017.20050 \n * Adobe Acrobat DC 15.017.20053 \n * Adobe Acrobat DC 15.020.20039 \n * Adobe Acrobat DC 15.020.20042 \n * Adobe Acrobat DC 15.023.20053 \n * Adobe Acrobat DC 15.023.20070 \n * Adobe Acrobat DC 2015.006.30033 \n * Adobe Acrobat DC 2015.006.30060 \n * Adobe Acrobat DC 2015.006.30094 \n * Adobe Acrobat DC 2015.006.30306 \n * Adobe Acrobat DC 2015.006.30352 \n * Adobe Acrobat DC 2015.006.30355 \n * Adobe Acrobat DC 2015.007.20033 \n * Adobe Acrobat DC 2015.008.20082 \n * Adobe Acrobat DC 2015.009.20069 \n * Adobe Acrobat DC 2017.009.20044 \n * Adobe Acrobat DC 2017.009.20058 \n * Adobe Acrobat DC 2017.012.20093 \n * Adobe Acrobat DC 2017.012.20098 \n * Adobe Acrobat Reader 2017.008.30051 \n * Adobe Acrobat Reader 2017.011.30059 \n * Adobe Acrobat Reader 2017.011.30066 \n * Adobe Acrobat Reader DC 15.006.30097 \n * Adobe Acrobat Reader DC 15.006.30119 \n * Adobe Acrobat Reader DC 15.006.30121 \n * Adobe Acrobat Reader DC 15.006.30172 \n * Adobe Acrobat Reader DC 15.006.30174 \n * Adobe Acrobat Reader DC 15.006.30198 \n * Adobe Acrobat Reader DC 15.006.30201 \n * Adobe Acrobat Reader DC 15.006.30243 \n * Adobe Acrobat Reader DC 15.006.30244 \n * Adobe Acrobat Reader DC 15.006.30279 \n * Adobe Acrobat Reader DC 15.006.30280 \n * Adobe Acrobat Reader DC 15.009.20077 \n * Adobe Acrobat Reader DC 15.010.20056 \n * Adobe Acrobat Reader DC 15.010.20059 \n * Adobe Acrobat Reader DC 15.010.20060 \n * Adobe Acrobat Reader DC 15.016.20039 \n * Adobe Acrobat Reader DC 15.016.20045 \n * Adobe Acrobat Reader DC 15.017.20050 \n * Adobe Acrobat Reader DC 15.017.20053 \n * Adobe Acrobat Reader DC 15.020.20039 \n * Adobe Acrobat Reader DC 15.020.20042 \n * Adobe Acrobat Reader DC 15.023.20053 \n * Adobe Acrobat Reader DC 15.023.20070 \n * Adobe Acrobat Reader DC 2015.006.30033 \n * Adobe Acrobat Reader DC 2015.006.30060 \n * Adobe Acrobat Reader DC 2015.006.30094 \n * Adobe Acrobat Reader DC 2015.006.30306 \n * Adobe Acrobat Reader DC 2015.006.30352 \n * Adobe Acrobat Reader DC 2015.006.30355 \n * Adobe Acrobat Reader DC 2015.007.20033 \n * Adobe Acrobat Reader DC 2015.008.20082 \n * Adobe Acrobat Reader DC 2015.009.20069 \n * Adobe Acrobat Reader DC 2017.009.20044 \n * Adobe Acrobat Reader DC 2017.009.20058 \n * Adobe Acrobat Reader DC 2017.012.20093 \n * Adobe Acrobat Reader DC 2017.012.20098 \n * Adobe Reader 11.0 \n * Adobe Reader 11.0.03 \n * Adobe Reader 11.0.04 \n * Adobe Reader 11.0.05 \n * Adobe Reader 11.0.06 \n * Adobe Reader 11.0.07 \n * Adobe Reader 11.0.08 \n * Adobe Reader 11.0.09 \n * Adobe Reader 11.0.1 \n * Adobe Reader 11.0.10 \n * Adobe Reader 11.0.11 \n * Adobe Reader 11.0.12 \n * Adobe Reader 11.0.13 \n * Adobe Reader 11.0.14 \n * Adobe Reader 11.0.15 \n * Adobe Reader 11.0.16 \n * Adobe Reader 11.0.17 \n * Adobe Reader 11.0.18 \n * Adobe Reader 11.0.19 \n * Adobe Reader 11.0.20 \n * Adobe Reader 11.0.21 \n * Adobe Reader 11.0.22 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-11-14T00:00:00", "type": "symantec", "title": "Adobe Acrobat and Reader CVE-2017-16369 Security Bypass Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-16369"], "modified": "2017-11-14T00:00:00", "id": "SMNTC-101820", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101820", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "talosblog": [{"lastseen": "2017-12-25T19:52:52", "description": "Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.<br /><br />In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 - Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked structure elements. A specifically crafted PDF document designed to trigger the vulnerability could cause an out-of-bounds access on the heap, potentially leading to arbitrary code execution. More details regarding this vulnerability are available <a href=\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0356\">here</a>.<br /><br /><a name='more'></a><h2 id=\"h.zgfs4ty8epb8\">Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated \"Critical\" by Microsoft:<br /><br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\">CVE-2017-11836 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837\">CVE-2017-11837 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838\">CVE-2017-11838 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839\">CVE-2017-11839 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840\">CVE-2017-11840 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841\">CVE-2017-11841 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11843\">CVE-2017-11843 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11845\">CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11846\">CVE-2017-11846 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\">CVE-2017-11855 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856\">CVE-2017-11856 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858\">CVE-2017-11858 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11861\">CVE-2017-11861 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11862\">CVE-2017-11862 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11866\">CVE-2017-11866 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869\">CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870\">CVE-2017-11870 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871\">CVE-2017-11871 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873\">CVE-2017-11873 - Scripting Engine Memory Corruption Vulnerability</a></li></ul><br /><h3 id=\"h.pmrxkbmph7q8\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the scripting engine of Microsoft Edge that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11836</li><li>CVE-2017-11839</li><li>CVE-2017-11840</li><li>CVE-2017-11841</li><li>CVE-2017-11861</li><li>CVE-2017-11862</li><li>CVE-2017-11866</li><li>CVE-2017-11870</li><li>CVE-2017-11871</li><li>CVE-2017-11873</li></ul><h3 id=\"h.9bhb21vu9pw3\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified affecting the scripting engine in Microsoft browsers. These vulnerabilities manifest due to the scripting engine improperly handling objects in memory. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\"<br /><br />The following is a list of CVEs related to these vulnerabilities.<br /><ul><li>CVE-2017-11837 </li><li>CVE-2017-11838</li><li>CVE-2017-11843</li><li>CVE-2017-11846</li><li>CVE-2017-11858 </li></ul><h3 id=\"h.l4j3cblo56e5\">CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</h3><br />A remote code vulnerability has been identified that affects Microsoft Edge. The vulnerability is related to the way Microsoft Edge accesses objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same access rights as the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open. <br /><br /><h3 id=\"h.kwuhvlxn2rdl\">Multiple CVEs - Internet Explorer Memory Corruption Vulnerability</h3><br />Two remote code vulnerabilities have been discovered that affect Internet Explorer. These vulnerabilities are related to the way Internet Explorer accesses objects in memory. Successful exploitation of these vulnerabilities could result in the execution of arbitrary code with the same access rights as the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11855</li><li>CVE-2017-11856 </li></ul><h3 id=\"h.25ulimn27xx4\">CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</h3><br />A vulnerability has been identified in the scripting engine of Internet Explorer that could allow an attacker to execute arbitrary code. These vulnerability manifest due to Internet Explorer improperly accessing objects in memory. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br /><h2 id=\"h.ftn8wufn5bzc\">Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated \"Important\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768\">CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\">CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788\">CVE-2017-11788 - Windows Search Denial of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791\">CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11803\">CVE-2017-11803 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827\">CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830\">CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11831\">CVE-2017-11831 - Windows Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832\">CVE-2017-11832 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833\">CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834\">CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835\">CVE-2017-11835 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11842\">CVE-2017-11842 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11844\">CVE-2017-11844 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847\">CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11849\">CVE-2017-11849 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850\">CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11851\">CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852\">CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11853\">CVE-2017-11853 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854\">CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863\">CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872\">CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874\">CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877\">CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878\">CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879\">CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880\">CVE-2017-11880 - Windows Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882\">CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884\">CVE-2017-11884 - Microsoft Office Memory Corruption Vulnerability</a></li></ul><h3 id=\"h.bdoa4s47wkbw\">CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Windows Media Player. This vulnerability manifests due to Windows Media Player improperly disclosing file information. In order to exploit this vulnerability an attacker would need to authenticate to an affected system and execute a program designed to exploit this vulnerability. Successful exploitation of this vulnerability would allow an attacker to enumerate the existence of files stored on an affected system.<br /><br /><h3 id=\"h.q5rd6srfdkn8\">Multiple CVEs - ASP.NET Core Denial Of Service Vulnerability</h3><br />Multiple denial of service vulnerabilities have been identified that affect ASP.NET Core. These vulnerabilities manifest due to .NET Core improperly handling web requests. These vulnerabilities could be exploited remotely by an unauthenticated attacker. Successful exploitation could result in a denial of service condition. <br /><br />The following CVEs are related to these vulnerabilities:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\">CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883\">CVE-2017-11883 - ASP.NET Core Denial Of Service Vulnerability</a></li></ul><h3 id=\"h.38zj0t9asa7l\">CVE-2017-11788 - Windows Search Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified that affects Windows Search. This vulnerability manifests due to Windows Search improperly handling objects in memory. This vulnerability could be exploited by sending specially crafted messages to the Windows Search service. Additionally this vulnerability could be exploited by an unauthenticated remote attacker via Server Message Block (SMB). Successful exploitation of this vulnerability could result in a denial of service condition on affected systems.<br /><br /><h3 id=\"h.n7xhfhgh78f0\">CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft browsers. This vulnerability manifests due to Microsoft browsers improperly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability.<br /><br /><h3 id=\"h.su1nmhb9yrz2\">Multiple CVEs - Microsoft Edge Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Edge. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11803</li><li>CVE-2017-11844</li></ul><h3 id=\"h.eak31u2c41u2\">CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft browsers. This vulnerability manifests due to the way in which Microsoft browsers access objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability or convincing a user to open a malicious email attachment.<br /><br /><h3 id=\"h.fn76sfmfrnf3\">CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Device Guard. This vulnerability manifests due to the way in which Device Guard incorrectly validates untrusted files. Successful exploitation of this vulnerability could allow an attacker to make an unsigned file appear as if it is signed, allowing an attacker to execute malicious files on affected systems.<br /><br /><h3 id=\"h.y3wb9e2yktsf\">Multiple CVEs - Windows Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified that affect the Windows kernel. These vulnerabilities manifest due to the Windows kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Exploiting these vulnerabilities would require an attacker to authenticate to an affected device and execute an application designed to exploit this vulnerability.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11831</li><li>CVE-2017-11880</li></ul><h3 id=\"h.btsw9vna5f30\">Multiple CVEs - Windows EOT Font Engine Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Windows Embedded OpenType (EOT). These vulnerabilities manifest due to the way in which the font engine parses embedded fonts. Successful exploitation of these vulnerabilities could allow an attacker to obtain information that could be used for subsequent attacks against an affected system. <br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11832</li><li>CVE-2017-11835</li></ul><h3 id=\"h.hzfeoreuofyd\">CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft Edge. This vulnerability manifests due to the way in which Microsoft Edge handles cross-origin requests. This vulnerability could be leveraged by an attacker to determine the origin of webpages within an affected browser. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. <br /><br /><h3 id=\"h.3e1zkv9m7hzg\">CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability was identified that affects Internet Explorer. This vulnerability manifests due to the scripting engine in Internet Explorer not properly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used in additional attacks. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. <br /><br /><h3 id=\"h.yv8u67oyrby6\">Multiple CVEs - Windows Kernel Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities were identified that affect the Windows Kernel-Mode Drivers. These vulnerabilities manifest due to the Windows Kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used in subsequent attacks to further compromise an affected system. Exploitation of these vulnerabilities would require an attacker to log in and execute a program specifically designed to exploit them.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11842</li><li>CVE-2017-11849</li><li>CVE-2017-11853</li></ul><h3 id=\"h.ispynop4ff07\">CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified that affects the Windows Kernel. This vulnerability manifests due to the Windows Kernel failing to properly handle objects in memory. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability and could allow an attacker to run arbitrary code in kernel memory.<br /><br /><h3 id=\"h.596vig5drvj1\">CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.t8ap458u96px\">CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.kti9vg98v2si\">CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.btbv13lo447t\">CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. This vulnerability manifests due to Microsoft Office improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the context of the current user. In order to exploit this vulnerability, an attacker would need to create a specially crafted file and convince a user to open it within an affected version of Microsoft Office.<br /><br /><h3 id=\"h.vfhxvo8e1vuz\">CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass has been identified in Microsoft Edge that could allow an attacker to load a page containing malicious content without the user's knowledge or consent. This vulnerability manifests in the Edge Content Security Policy where certain specially crafted documents are improperly validated. An attacker could exploit this vulnerability by convincing a user to navigate to a malicious page or by injecting malicious content into page, such as an advertisement, thereby bypassing the Content Security Policy.<br /><br /><h3 id=\"h.9suck7nnkgfu\">CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass Cross-Origin Resource Sharing restrictions. This vulnerability manifests as a result of Edge improperly handling redirect requests and following redirect requests that should otherwise be ignored. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page. Attackers could also leverage vulnerable or compromised web pages exploit this vulnerability.<br /><br /><h3 id=\"h.9qx8ma9p7xwo\">CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass the Control Flow Guard. This vulnerability manifests as a result of the Edge Just-In-Time compiler incorrectly handling memory operations in compiled code. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page.<br /><br /><h3 id=\"h.p53pt1akjudq\">CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office failing to enforce macro settings on Excel documents. Exploitation of this vulnerability does not result in code execution and requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Excel.<br /><br /><h3 id=\"h.recfefvinm40\">CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office not properly handling objects in memory. Successful exploitation of this vulnerability could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. <br /><br /><h3 id=\"h.hyk2905styk6\">CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</h3><br />An open redirect vulnerability has been identified at affects ASP.NET Core. Exploitation of this vulnerability could result in privilege escalation. In order to exploit this vulnerability an attacker would need to create a specially crafted URL which could be used to redirect the victim's browser session to a malicious site and obtain login session information.<br /><br /><h3 id=\"h.6020jwogk4nx\">Multiple CVEs - Microsoft Office Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified that affect Microsoft Office. These vulnerabilities are related to Microsoft Office not properly handling objects in memory. Successful exploitation of these vulnerabilities could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. <br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11882</li><li>CVE-2017-11884</li></ul><br /><h2 id=\"h.9bugt6nqiqht\">Vulnerabilities Rated Moderate</h2><br />The following vulnerabilities are rated \"Moderate\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848\">CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876\">CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700\">CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</a></li></ul><h3 id=\"h.wfk7ipeakm4m\">CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Internet Explorer. This vulnerability manifests due to the way in which Internet Explorer handles page contents. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. Successful exploitation of this vulnerability could allow an attacker to detect navigation of a user leaving a malicious web page. <br /><br /><h3 id=\"h.1fxj2jwk3xet\">CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been discovered affecting Microsoft Project. It is related to the way in which Microsoft Project Server improperly manages user sessions. The victim must be logged in to the target site in order for this vulnerability to be exploited. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. Successful exploitation of this vulnerability could allow an attacker to access content that the attacker is not authorized to access or impersonate the user within the web application. It could also enable the attacker to inject malicious contents into the victim's browser.<br /><br /><h3 id=\"h.wd4h9qqis9cx\">CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects ASP.net Core. This vulnerability could enable an attacker to bypass Cross-Origin Resource Sharing (CORS) configurations. Successful exploitation of this vulnerability could allow an attacker to access content that they are not authorized to access from within a web application.<br /><br /><h2 id=\"h.bipt9xzi68fa\">Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.<br /><br />Snort Rules:<br /><ul><li>43120-43121</li><li>44809-44834</li><li>44838-44839</li><li>44843-44846</li></ul>For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal:<a href=\"http://www.talosintelligence.com/vulnerability-reports/\"> </a><a href=\"http://www.talosintelligence.com/vulnerability-reports/\">http://www.talosintelligence.com/vulnerability-reports/</a><br /><br /><a href=\"http://www.talosintelligence.com/vulnerability-reports/\"></a><br /><br />To review our Vulnerability Disclosure Policy, please visit this site:<br /><br /><a href=\"http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html\">http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html</a><br /><br /><a href=\"http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html\"></a><br /><br /><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=gKTSu-yN4pM:3HD9OhLzN18:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/gKTSu-yN4pM\" height=\"1\" width=\"1\" alt=\"\"/>", "cvss3": {}, "published": "2017-11-14T11:54:00", "type": "talosblog", "title": "Microsoft Patch Tuesday - November 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11768", "CVE-2017-11770", "CVE-2017-11788", "CVE-2017-11791", "CVE-2017-11803", "CVE-2017-11827", "CVE-2017-11830", "CVE-2017-11831", "CVE-2017-11832", "CVE-2017-11833", "CVE-2017-11834", "CVE-2017-11835", "CVE-2017-11836", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11839", "CVE-2017-11840", "CVE-2017-11841", "CVE-2017-11842", "CVE-2017-11843", "CVE-2017-11844", "CVE-2017-11845", "CVE-2017-11846", "CVE-2017-11847", "CVE-2017-11848", "CVE-2017-11849", "CVE-2017-11850", "CVE-2017-11851", "CVE-2017-11852", "CVE-2017-11853", "CVE-2017-11854", "CVE-2017-11855", "CVE-2017-11856", "CVE-2017-11858", "CVE-2017-11861", "CVE-2017-11862", "CVE-2017-11863", "CVE-2017-11866", "CVE-2017-11869", "CVE-2017-11870", "CVE-2017-11871", "CVE-2017-11872", "CVE-2017-11873", "CVE-2017-11874", "CVE-2017-11876", "CVE-2017-11877", "CVE-2017-11878", "CVE-2017-11879", "CVE-2017-11880", "CVE-2017-11882", "CVE-2017-11883", "CVE-2017-11884", "CVE-2017-16367", "CVE-2017-8700"], "modified": "2017-11-14T19:54:05", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/gKTSu-yN4pM/ms-tuesday.html", "id": "TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
