PT-2017-1170 · Adobe · Acrobat Reader

Published

2017-01-05

Updated

2017-01-18

CVE-2017-2949

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier

Description The issue is caused by a heap buffer overflow vulnerability in the XSLT engine of Adobe Acrobat and Reader. This vulnerability could allow a remote attacker to execute arbitrary code. The vulnerability is related to the XSLT processing and can be exploited through a heap-based buffer overflow, which may lead to remote code execution.

Recommendations For Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier, update to a version that is not affected by this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2017-00274

CVE-2017-2949

ZDI-17-005

ZDI-17-006

ZDI-17-007

ZDI-17-008

ZDI-17-009

ZDI-17-011

ZDI-17-012

ZDI-17-013

ZDI-17-015

ZDI-17-016

ZDI-17-017

ZDI-17-018

ZDI-17-019

ZDI-17-020

ZDI-17-028

ZDI-17-029

Affected Products

Acrobat Reader

PT-2017-1170 · Adobe · Acrobat Reader

CVE-2017-2949

Weakness Enumeration

Related Identifiers

Affected Products

References · 39