9.3

CVE-2017-11257

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.

Data is provided by the National Vulnerability Database (NVD)
AdobeAcrobat Version >= 11.0.0 <= 11.0.20
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version >= 17.011.00000 <= 17.011.30066
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditionclassic Version >= 15.006.30060 <= 15.006.30306
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditioncontinuous Version >= 15.007.20033 <= 17.009.20058
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version >= 17.011.00000 <= 17.011.30066
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc SwEditionclassic Version >= 15.006.30060 <= 15.006.30306
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc SwEditioncontinuous Version >= 15.007.20033 <= 17.009.20058
   ApplemacOS X
   MicrosoftWindows
AdobeReader Version >= 11.0.0 <= 11.0.20
   ApplemacOS X
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 13.24% 0.935
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://www.securitytracker.com/id/1039098
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100181
Third Party Advisory
VDB Entry