Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-11219

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.

Published

2017-08-11T19:29:00.477

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-416
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe acrobat ≤ 11.0.20 Yes
Application adobe acrobat ≤ 17.011.30066 Yes
Application adobe acrobat_dc ≤ 15.006.30306 Yes
Application adobe acrobat_dc ≤ 17.009.20058 Yes
Application adobe acrobat_reader ≤ 17.011.30066 Yes
Application adobe acrobat_reader_dc ≤ 15.006.30306 Yes
Application adobe acrobat_reader_dc ≤ 17.009.20058 Yes
Application adobe reader ≤ 11.0.20 Yes
Operating System apple mac_os_x * No
Operating System microsoft windows * No
References