PT-2017-1170 · Adobe · Acrobat Reader

Publicado

2017-01-05

Atualizado

2017-01-18

CVE-2017-2949

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier

Description The issue is caused by a heap buffer overflow vulnerability in the XSLT engine of Adobe Acrobat and Reader. This vulnerability could allow a remote attacker to execute arbitrary code. The vulnerability is related to the XSLT processing and can be exploited through a heap-based buffer overflow, which may lead to remote code execution.

Recommendations For Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier, update to a version that is not affected by this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2017-00274

CVE-2017-2949

ZDI-17-005

ZDI-17-006

ZDI-17-007

ZDI-17-008

ZDI-17-009

ZDI-17-011

ZDI-17-012

ZDI-17-013

ZDI-17-015

ZDI-17-016

ZDI-17-017

ZDI-17-018

ZDI-17-019

ZDI-17-020

ZDI-17-028

ZDI-17-029

Produtos afetados

Acrobat Reader

PT-2017-1170 · Adobe · Acrobat Reader

CVE-2017-2949

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39