CVE-2017-16406
HIGHAdobe Acrobat and Reader <2017.012.20098 - Memory Corruption
Title source: llmDescription
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039791
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101815
Scores
CVSS v3
8.8
EPSS
0.0867
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (7)
adobe/acrobat
< 11.0.22
adobe/acrobat_dc
- - 17.012.20098
adobe/acrobat_dc
15.0 - 15.006.30355
adobe/acrobat_reader
< 11.0.22
adobe/acrobat_reader_dc
- - 17.012.20098
adobe/acrobat_reader_dc
15.0 - 15.006.30355
n/a/Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.
Published
Dec 09, 2017
Tracked Since
Feb 18, 2026