ID CVE-2017-11257
Summary Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • Adobe Acrobat 11.0.20
    cpe:2.3:a:adobe:acrobat:11.0.20
  • cpe:2.3:a:adobe:acrobat:2017.008.30051
    cpe:2.3:a:adobe:acrobat:2017.008.30051
  • cpe:2.3:a:adobe:acrobat_dc:2015.006.30306:-:-:-:classic
    cpe:2.3:a:adobe:acrobat_dc:2015.006.30306:-:-:-:classic
  • cpe:2.3:a:adobe:acrobat_dc:2017.009.20058:-:-:-:continuous
    cpe:2.3:a:adobe:acrobat_dc:2017.009.20058:-:-:-:continuous
  • cpe:2.3:a:adobe:acrobat_reader:2017.008.30051
    cpe:2.3:a:adobe:acrobat_reader:2017.008.30051
  • cpe:2.3:a:adobe:acrobat_reader_dc:2015.006.30306:-:-:-:classic
    cpe:2.3:a:adobe:acrobat_reader_dc:2015.006.30306:-:-:-:classic
  • cpe:2.3:a:adobe:acrobat_reader_dc:2017.009.20058:-:-:-:continuous
    cpe:2.3:a:adobe:acrobat_reader_dc:2017.009.20058:-:-:-:continuous
  • cpe:2.3:a:adobe:reader:11.0.20
    cpe:2.3:a:adobe:reader:11.0.20
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 9.3
Impact:
Exploitability:
CWE CWE-704
CAPEC
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_READER_APSB17-24.NASL
    description The version of Adobe Reader installed on the remote macOS or Mac OS X host is a version prior to 11.0.21, 2015.006.30355, 2017.011.30066, or 2017.012.20098. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-05-18
    modified 2018-05-17
    plugin id 102430
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102430
    title Adobe Reader < 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 Multiple Vulnerabilities (APSB17-24) (macOS)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_ACROBAT_APSB17-24.NASL
    description The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is a version prior to 11.0.21, 2015.006.30355, 2017.011.30066, or 2017.012.20098. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-05-18
    modified 2018-05-17
    plugin id 102429
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102429
    title Adobe Acrobat < 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 Multiple Vulnerabilities (APSB17-24) (macOS)
  • NASL family Windows
    NASL id ADOBE_READER_APSB17-24.NASL
    description The version of Adobe Reader installed on the remote Windows host is a version prior to 11.0.21, 2015.006.30355, 2017.011.30066, or 2017.012.20098. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-01
    modified 2018-06-29
    plugin id 102428
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102428
    title Adobe Reader < 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 Multiple Vulnerabilities (APSB17-24)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB17-24.NASL
    description The version of Adobe Acrobat installed on the remote Windows host is a version prior to 11.0.21, 2015.006.30355, 2017.011.30066, or 2017.012.20098. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-01
    modified 2018-06-29
    plugin id 102427
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102427
    title Adobe Acrobat < 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 Multiple Vulnerabilities (APSB17-24)
refmap via4
bid 100181
confirm https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
sectrack 1039098
Last major update 11-08-2017 - 15:29
Published 11-08-2017 - 15:29
Last modified 17-08-2017 - 15:21
Back to Top