CVE-2017-16362

Published Dec 9, 2017

Last updated 7 years ago

CVSS high 8.8

Overview

Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF",
            "versionEndIncluding": "11.0.22"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0",
            "versionEndIncluding": "17.011.30066",
            "versionStartIncluding": "17.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D",
            "versionEndIncluding": "17.012.20098",
            "versionStartIncluding": "-"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538",
            "versionEndIncluding": "15.006.30355",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641",
            "versionEndIncluding": "11.0.22"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA",
            "versionEndIncluding": "17.011.30066",
            "versionStartIncluding": "17.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610",
            "versionEndIncluding": "17.012.20098",
            "versionStartIncluding": "-"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A",
            "versionEndIncluding": "15.006.30355",
            "versionStartIncluding": "15.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References