Main Vulnerability Database SB2017080823

SB2017080823 - Multiple vulnerabilities in Adobe Reader and Acrobat

Published: August 8, 2017 Updated: August 14, 2017

Security Bulletin ID SB2017080823

Severity

High

Patch available

YES

Number of vulnerabilities 67

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 67 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2017-3016)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Memory corruption (CVE-ID: CVE-2017-3038)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in remote code execution.

The vulnerability was patched in https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

3) Use-after-free error (CVE-ID: CVE-2017-3113)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Information disclosure (CVE-ID: CVE-2017-3115)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

5) Memory corruption (CVE-ID: CVE-2017-3116)

6) Heap-based buffer overflow (CVE-ID: CVE-2017-3117)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious content. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Security restrictions bypass (CVE-ID: CVE-2017-3118)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper access controls. A remote attacker can send a specially crafted file, trick the victim into opening it, execute malicious attachments and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

8) Memory corruption (CVE-ID: CVE-2017-3119)

9) Use-after-free error (CVE-ID: CVE-2017-3120)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the XFA parsing engine when handling certain types of internal instructions. A remote attacker can send a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

10) Heap-based buffer overflow (CVE-ID: CVE-2017-3121)

11) Memory corruption (CVE-ID: CVE-2017-3122)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

12) Memory corruption (CVE-ID: CVE-2017-3123)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definitio. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

13) Memory corruption (CVE-ID: CVE-2017-3124)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the picture exchange (PCX) file format parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

14) Memory corruption (CVE-ID: CVE-2017-11209)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error when reading a JPEG file embedded within XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

15) Memory corruption (CVE-ID: CVE-2017-11210)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

16) Heap-based buffer overflow (CVE-ID: CVE-2017-11211)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in the JPEG parser. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

17) Memory corruption (CVE-ID: CVE-2017-11212)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

18) Memory corruption (CVE-ID: CVE-2017-11214)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

19) Memory corruption (CVE-ID: CVE-2017-11216)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

20) Memory corruption (CVE-ID: CVE-2017-11217)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

21) Use-after-free error (CVE-ID: CVE-2017-11218)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in XFA event management. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

22) Use-after-free error (CVE-ID: CVE-2017-11219)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the XFA rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

23) Heap-based buffer overflow (CVE-ID: CVE-2017-11220)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in an internal data structure. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

24) Type confusion error (CVE-ID: CVE-2017-11221)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error in the annotation functionality. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

25) Memory corruption (CVE-ID: CVE-2017-11222)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Product Representation Compact (PRC) engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

26) Use-after-free error (CVE-ID: CVE-2017-11223)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the core of the XFA engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

27) Use-after-free error (CVE-ID: CVE-2017-11224)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

28) Memory corruption (CVE-ID: CVE-2017-11226)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image processing engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

29) Memory corruption (CVE-ID: CVE-2017-11227)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

30) Memory corruption (CVE-ID: CVE-2017-11228)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing JPEG 2000 (JP2) code stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

31) Security restrictions bypass (CVE-ID: CVE-2017-11229)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper access controls when manipulating Forms Data Format (FDF). A remote attacker can send a specially crafted file, trick the victim into opening it, bypass security restrictions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

32) Memory corruption (CVE-ID: CVE-2017-11230)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the JPEG 2000 engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

33) Use-after-free error (CVE-ID: CVE-2017-11231)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in Acrobat/Reader rendering engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

34) Use-after-free error (CVE-ID: CVE-2017-11232)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to use-after-free error when processing Enhanced Metafile Format (EMF) data related to brush manipulation. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

35) Memory corruption (CVE-ID: CVE-2017-11233)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

36) Memory corruption (CVE-ID: CVE-2017-11234)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

37) Use-after-free error (CVE-ID: CVE-2017-11235)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the image conversion engine when decompressing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

38) Memory corruption (CVE-ID: CVE-2017-11236)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the internal handling of UTF-16 literal strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

39) Memory corruption (CVE-ID: CVE-2017-11237)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the font parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

40) Memory corruption (CVE-ID: CVE-2017-11238)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

41) Memory corruption (CVE-ID: CVE-2017-11239)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

42) Heap-based buffer overflow (CVE-ID: CVE-2017-11241)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

43) Memory corruption (CVE-ID: CVE-2017-11242)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

44) Memory corruption (CVE-ID: CVE-2017-11243)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the XSLT engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

45) Memory corruption (CVE-ID: CVE-2017-11244)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

46) Memory corruption (CVE-ID: CVE-2017-11245)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

47) Memory corruption (CVE-ID: CVE-2017-11246)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when parsing JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

48) Memory corruption (CVE-ID: CVE-2017-11248)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

49) Memory corruption (CVE-ID: CVE-2017-11249)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

50) Memory corruption (CVE-ID: CVE-2017-11251)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the JPEG 2000 parsing module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

51) Memory corruption (CVE-ID: CVE-2017-11252)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the Adobe Graphics Manager (AGM) module. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

52) Use-after-free error (CVE-ID: CVE-2017-11254)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the Acrobat/Reader's JavaScript engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

53) Memory corruption (CVE-ID: CVE-2017-11255)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing TIFF color map data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

54) Use-after-free error (CVE-ID: CVE-2017-11256)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when generating content using XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

55) Type confusion error (CVE-ID: CVE-2017-11257)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error in the XFA layout engine. A remote attacker can send a specially crafted file, trick the victim into opening it and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

56) Memory corruption (CVE-ID: CVE-2017-11258)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

57) Memory corruption (CVE-ID: CVE-2017-11259)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

58) Memory corruption (CVE-ID: CVE-2017-11260)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

59) Memory corruption (CVE-ID: CVE-2017-11261)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

60) Memory corruption (CVE-ID: CVE-2017-11262)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

61) Memory corruption (CVE-ID: CVE-2017-11263)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the internal data structure manipulation related to document encoding. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

62) Memory corruption (CVE-ID: CVE-2017-11265)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

63) Memory corruption (CVE-ID: CVE-2017-11267)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

64) Memory corruption (CVE-ID: CVE-2017-11268)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

65) Memory corruption (CVE-ID: CVE-2017-11269)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

66) Memory corruption (CVE-ID: CVE-2017-11270)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

67) Memory corruption (CVE-ID: CVE-2017-11271)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

SB2017080823 - Multiple vulnerabilities in Adobe Reader and Acrobat

Breakdown by Severity

Description

Remediation

References

Please verify you're human