Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-11249

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution.

Published

2017-08-11T19:29:01.303

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe acrobat ≤ 11.0.20 Yes
Application adobe acrobat ≤ 17.011.30066 Yes
Application adobe acrobat_dc ≤ 15.006.30306 Yes
Application adobe acrobat_dc ≤ 17.009.20058 Yes
Application adobe acrobat_reader ≤ 17.011.30066 Yes
Application adobe acrobat_reader_dc ≤ 15.006.30306 Yes
Application adobe acrobat_reader_dc ≤ 17.009.20058 Yes
Application adobe reader ≤ 11.0.20 Yes
Operating System apple mac_os_x * No
Operating System microsoft windows * No
References