Design/Logic Flaw

2017-12-0906:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.1%

JSON

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CPENameOperatorVersion
acrobatle11.0.22
acrobatge17.0
acrobatle17.011.30066
acrobat_dceq>= - AND <= 17.12.20098
acrobat_dcge15.0
acrobat_dcle15.006.30355
acrobat_readerle11.0.22
acrobat_readerge17.0
acrobat_readerle17.011.30066
acrobat_reader_dcge15.0

Name	Operator	Version
acrobat	le	11.0.22
acrobat	ge	17.0
acrobat	le	17.011.30066
acrobat_dc	eq	>= - AND <= 17.12.20098
acrobat_dc	ge	15.0
acrobat_dc	le	15.006.30355
acrobat_reader	le	11.0.22
acrobat_reader	ge	17.0
acrobat_reader	le	17.011.30066
acrobat_reader_dc	ge	15.0