Vulnerability Details : CVE-2017-3036
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2017-3036
Probability of exploitation activity in the next 30 days: 16.01%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-3036
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-3036
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3036
-
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
Adobe Security BulletinVendor Advisory
-
http://www.securityfocus.com/bid/97556
Adobe Acrobat and Reader APSB17-11 Multiple Unspecified Memory Corruption VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038228
Adobe Acrobat/Reader Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information Disclosure and Execute Arbitrary Code - SecurityTracker
-
http://www.zerodayinitiative.com/advisories/ZDI-17-262/
ZDI-17-262 | Zero Day InitiativeThird Party Advisory;VDB Entry
Products affected by CVE-2017-3036
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*