CVE-2017-16404

Published Dec 9, 2017

Last updated 7 years ago

CVSS high 8.8

Overview

Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF",
            "versionEndIncluding": "11.0.22"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0",
            "versionEndIncluding": "17.011.30066",
            "versionStartIncluding": "17.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D",
            "versionEndIncluding": "17.012.20098",
            "versionStartIncluding": "-"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538",
            "versionEndIncluding": "15.006.30355",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641",
            "versionEndIncluding": "11.0.22"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA",
            "versionEndIncluding": "17.011.30066",
            "versionStartIncluding": "17.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610",
            "versionEndIncluding": "17.012.20098",
            "versionStartIncluding": "-"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A",
            "versionEndIncluding": "15.006.30355",
            "versionStartIncluding": "15.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References