CVE-2017-2947 : Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security by

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF).

Published 2017-01-11 04:59:01

Updated 2017-01-18 02:59:22

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2017-2947

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-2947

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2017-2947

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-2947

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/95348

Adobe Acrobat and Reader CVE-2017-2947 Security Bypass Vulnerability
http://www.securitytracker.com/id/1037574

Adobe Acrobat Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Products affected by CVE-2017-2947

Adobe » Acrobat
Versions up to, including, (<=) 11.0.18
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Reader
Versions up to, including, (<=) 11.0.18
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Acrobat Dc » Continuous Edition
Versions up to, including, (<=) 15.020.20042
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Acrobat Dc » Classic Edition
Versions up to, including, (<=) 15.006.30244
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Acrobat Reader Dc » Classic Edition
Versions up to, including, (<=) 15.006.30244
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Acrobat Reader Dc » Continuous Edition
Versions up to, including, (<=) 15.020.20042
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows

Vulnerability Details : CVE-2017-2947

Exploit prediction scoring system (EPSS) score for CVE-2017-2947

CVSS scores for CVE-2017-2947

CWE ids for CVE-2017-2947

References for CVE-2017-2947

Products affected by CVE-2017-2947