CVE-2017-2949
HIGHAdobe Acrobat and Reader < 11.0.18, < 15.006.30244, < 15.020.20042 - Heap Overflow in XSLT Engine
Title source: llmDescription
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
References (19)
Core 19
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-005
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-006
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-007
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-008
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95344
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037574
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-020
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-009
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-029
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-017
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-028
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-016
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-011
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-019
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-015
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-012
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-018
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-013
Scores
CVSS v3
7.8
EPSS
0.2042
EPSS Percentile
97.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (7)
adobe/acrobat
< 11.0.18
adobe/acrobat_dc
< 15.006.30244
adobe/acrobat_dc
< 15.020.20042
adobe/acrobat_reader_dc
< 15.006.30244
adobe/acrobat_reader_dc
< 15.020.20042
adobe/reader
< 11.0.18
n/a/Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
Published
Jan 11, 2017
Tracked Since
Feb 18, 2026