CVE-2017-3012

EPSS 1.95%
Veröffentlicht 12.04.2017 14:59:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Acrobat Version <= 11.0.19

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Acrobat Dc SwEditionclassic Version <= 15.006.30280

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Acrobat Dc SwEditioncontinuous Version <= 15.023.20070

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Acrobat Reader Dc SwEditionclassic Version <= 15.006.30280

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version <= 15.023.20070

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Reader Version <= 11.0.19

Apple ≫ macOS X
Microsoft ≫ Windows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.95%	0.829

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://www.securitytracker.com/id/1038228

https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

Vendor Advisory

http://www.securityfocus.com/bid/97547

Third Party Advisory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3012

EUVD