Vulnerability Details : CVE-2017-11257
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
Products affected by CVE-2017-11257
- Adobe » Acrobat ReaderVersions from including (>=) 17.011.00000 and up to, including, (<=) 17.011.30066cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
- Adobe » Acrobat Dc » Classic EditionVersions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30306cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- Adobe » Acrobat Dc » Continuous EditionVersions from including (>=) 15.007.20033 and up to, including, (<=) 17.009.20058cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- Adobe » Acrobat Reader Dc » Classic EditionVersions from including (>=) 15.006.30060 and up to, including, (<=) 15.006.30306cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
- Adobe » Acrobat Reader Dc » Continuous EditionVersions from including (>=) 15.007.20033 and up to, including, (<=) 17.009.20058cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11257
13.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-11257
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-11257
-
The product does not correctly convert an object, resource, or structure from one type to a different type.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11257
-
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/100181
Adobe Acrobat and Reader Type Confusion APSB17-24 Multiple Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039098
Adobe Acrobat/Reader Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information Disclosure, Bypass Security, and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
Jump to