Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3120

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.

Published

2017-08-11T19:29:02.790

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-416
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application adobe acrobat < 11.0.21 Yes
Application adobe acrobat_dc < 15.006.30355 Yes
Application adobe acrobat_dc ≤ 17.011.30066 Yes
Application adobe acrobat_dc < 17.012.20098 Yes
Application adobe acrobat_reader_dc < 15.006.30355 Yes
Application adobe acrobat_reader_dc < 17.011.30066 Yes
Application adobe acrobat_reader_dc < 17.012.20098 Yes
Application adobe reader < 11.0.21 Yes
Operating System apple mac_os_x * No
Operating System microsoft windows * No
References