
Adobe Acrobat Security Updates (apsb17-36) - Windows

CVE-2017-16377, CVE-2017-16378, CVE-2017-16360, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16393, CVE-2017-16398, CVE-2017-16381, CVE-2017-16385, CVE-2017-16392, CVE-2017-16395, CVE-2017-16396, CVE-2017-16363, CVE-2017-16365, CVE-2017-16374, CVE-2017-16384, CVE-2017-16386, CVE-2017-16387, CVE-2017-16368, CVE-2017-16383, CVE-2017-16391, CVE-2017-16410, CVE-2017-16362, CVE-2017-16370, CVE-2017-16376, CVE-2017-16382, CVE-2017-16394, CVE-2017-16397, CVE-2017-16399, CVE-2017-16400, CVE-2017-16401, CVE-2017-16402, CVE-2017-16403, CVE-2017-16404, CVE-2017-16405, CVE-2017-16408, CVE-2017-16409, CVE-2017-16412, CVE-2017-16414, CVE-2017-16417, CVE-2017-16418, CVE-2017-16420, CVE-2017-11293, CVE-2017-16407, CVE-2017-16413, CVE-2017-16415, CVE-2017-16416, CVE-2017-16361, CVE-2017-16366, CVE-2017-16369, CVE-2017-16380, CVE-2017-16419, CVE-2017-16367, CVE-2017-16379, CVE-2017-16406, CVE-2017-16364, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16375, CVE-2017-16411, CVE-2017-11307, CVE-2017-11308, CVE-2017-11240, CVE-2017-11250, CVE-2017-11306, CVE-2017-11253

Severity
CVSSv3 Score
8.8
Vulnerability description

Adobe Acrobat is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to:
- Two access of uninitialized pointer vulnerabilities that could result in remote code execution.
- Six use after free vulnerabilities that could result in remote code execution.
- Five buffer access with incorrect length value vulnerabilities that could result in remote code execution.
- Six buffer over-read vulnerabilities that could result in remote code execution.
- A buffer overflow vulnerability that could result in remote code execution.
- A heap overflow vulnerability that could result in remote code execution.
- Two improper validation of array index vulnerabilities that could result in remote code execution.
- Multiple out-of-bounds read vulnerabilities that could result in remote code execution.
- Four out-of-bounds write vulnerabilities that could result in remote code execution.
- Two security bypass vulnerabilities that could result in drive-by-downloads.
- A security bypass vulnerability that could result in information disclosure.
- A security bypass vulnerability that could result in remote code execution.
- A stack exhaustion vulnerability that could result in excessive resource consumption.
- Three type confusion vulnerabilities that could result in remote code execution.
- Six untrusted pointer dereference vulnerabilities that could result in remote code execution.

Please see the references for more information on the vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Attackers will also be able to gain access to potentially sensitive information, cause excessive resource consumption and trigger unintentional downloads of malicious software.

Recommendation

Upgrade to Adobe Acrobat version 11.0.23 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 19, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available