CVE-2017-11210

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
References
Link Resource
http://www.securityfocus.com/bid/100184 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039098 Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-578/ Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-11 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-11210

Mitre link : CVE-2017-11210

CVE.ORG link : CVE-2017-11210


JSON object : View

Products Affected

microsoft

  • windows

adobe

  • acrobat_reader
  • acrobat_reader_dc
  • acrobat
  • reader
  • acrobat_dc

apple

  • mac_os_x
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer