Vulnerability Details : CVE-2017-2949
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
Vulnerability category: Overflow
Products affected by CVE-2017-2949
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2949
80.20% - Probability of exploitation activity in the next 30 days
~ 98% - Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-2949
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2949
- http://www.zerodayinitiative.com/advisories/ZDI-17-006
  ZDI-17-006 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-028
  ZDI-17-028 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-005
  ZDI-17-005 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-011
  ZDI-17-011 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-020
  ZDI-17-020 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-015
  ZDI-17-015 | Zero Day Initiative
- https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
  Adobe Security Bulletin (Patch; Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-17-029
  ZDI-17-029 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-008
  ZDI-17-008 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-019
  ZDI-17-019 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-017
  ZDI-17-017 | Zero Day Initiative
- http://www.securityfocus.com/bid/95344
  Adobe Acrobat and Reader Multiple Unspecified Heap Buffer Overflow Vulnerabilities
- http://www.zerodayinitiative.com/advisories/ZDI-17-007
  ZDI-17-007 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-016
  ZDI-17-016 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-018
  ZDI-17-018 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-009
  ZDI-17-009 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-17-013
  ZDI-17-013 | Zero Day Initiative
- http://www.securitytracker.com/id/1037574
  Adobe Acrobat Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker
- http://www.zerodayinitiative.com/advisories/ZDI-17-012
  ZDI-17-012 | Zero Day Initiative