CVE-2017-3012

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 11.0.19 and earlier Adobe Acrobat Reader versions 15.006.30280 and earlier Adobe Acrobat Reader versions 15.023.20070 and earlier

Description The issue is related to an insecure library loading (DLL hijacking) vulnerability in the OCR plugin of Adobe Acrobat and Reader. This vulnerability is associated with security setting errors in the OCR plugin of Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud. Exploitation of this issue may allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. A directory search path used to find resources vulnerability in Adobe Acrobat and Reader allows attackers to execute code.

Recommendations For Adobe Acrobat Reader versions 11.0.19 and earlier, update to a version later than 11.0.19 to resolve the issue. For Adobe Acrobat Reader versions 15.006.30280 and earlier, update to a version later than 15.006.30280 to resolve the issue. For Adobe Acrobat Reader versions 15.023.20070 and earlier, update to a version later than 15.023.20070 to resolve the issue. As a temporary workaround, consider disabling the OCR plugin until a patch is available. Restrict access to the vulnerable directory search path to minimize the risk of exploitation.