CVE-2017-2950

HIGH

Adobe Acrobat and Reader < 11.0.18, < 15.006.30244, < 15.020.20042 - Use-After-Free in XFA Engine Layout

Title source: llm
STIX 2.1

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-021
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037574
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95343

Scores

CVSS v3 7.8
EPSS 0.0422
EPSS Percentile 89.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (7)
adobe/acrobat < 11.0.18
adobe/acrobat_dc < 15.006.30244
adobe/acrobat_dc < 15.020.20042
adobe/acrobat_reader_dc < 15.006.30244
adobe/acrobat_reader_dc < 15.020.20042
adobe/reader < 11.0.18
n/a/Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier. Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
Published Jan 11, 2017
Tracked Since Feb 18, 2026