CVE-2017-3121

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 2017.009.20058 and earlier Adobe Acrobat Reader versions 2017.008.30051 and earlier Adobe Acrobat Reader versions 2015.006.30306 and earlier Adobe Acrobat Reader version 11.0.20 and earlier

Description The issue is related to a memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser, which could lead to arbitrary code execution. A heap overflow vulnerability allows attackers to execute code remotely. The vulnerability is also described as an out-of-bounds read information disclosure and a heap-based buffer overflow remote code execution vulnerability in the ImageConversion EMF parsing component.

Recommendations For Adobe Acrobat Reader version 11.0.20 and earlier, update to a version later than 11.0.20. For Adobe Acrobat Reader versions 2015.006.30306 and earlier, update to a version later than 2015.006.30306. For Adobe Acrobat Reader versions 2017.008.30051 and earlier, update to a version later than 2017.008.30051. For Adobe Acrobat Reader versions 2017.009.20058 and earlier, update to a version later than 2017.009.20058. As a temporary workaround, consider disabling the EMF parsing component until a patch is available. Restrict access to the ImageConversion module to minimize the risk of exploitation. Avoid using the EMF format in the affected Adobe Acrobat Reader versions until the issue is resolved.