9.3

CVE-2017-2949

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version <= 11.0.18
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditionclassic Version <= 15.006.30244
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditioncontinuous Version <= 15.020.20042
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc SwEditionclassic Version <= 15.006.30244
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc SwEditioncontinuous Version <= 15.020.20042
   ApplemacOS X
   MicrosoftWindows
AdobeReader Version <= 11.0.18
   ApplemacOS X
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.42% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1037574
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95344
http://www.zerodayinitiative.com/advisories/ZDI-17-005
http://www.zerodayinitiative.com/advisories/ZDI-17-006
http://www.zerodayinitiative.com/advisories/ZDI-17-007
http://www.zerodayinitiative.com/advisories/ZDI-17-008
http://www.zerodayinitiative.com/advisories/ZDI-17-009
http://www.zerodayinitiative.com/advisories/ZDI-17-011
http://www.zerodayinitiative.com/advisories/ZDI-17-012
http://www.zerodayinitiative.com/advisories/ZDI-17-013
http://www.zerodayinitiative.com/advisories/ZDI-17-015
http://www.zerodayinitiative.com/advisories/ZDI-17-016
http://www.zerodayinitiative.com/advisories/ZDI-17-017
http://www.zerodayinitiative.com/advisories/ZDI-17-018
http://www.zerodayinitiative.com/advisories/ZDI-17-019
http://www.zerodayinitiative.com/advisories/ZDI-17-020
http://www.zerodayinitiative.com/advisories/ZDI-17-028
http://www.zerodayinitiative.com/advisories/ZDI-17-029