CVE-2017-2949 - OpenCVE

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat Acrobat Dc Acrobat Reader Dc Reader
Apple	Mac Os X
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*
	cpe:2.3:a:adobe:reader::::::::

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:microsoft:windows::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95344
http://www.securitytracker.com/id/1037574
http://www.zerodayinitiative.com/advisories/ZDI-17-005
http://www.zerodayinitiative.com/advisories/ZDI-17-006
http://www.zerodayinitiative.com/advisories/ZDI-17-007
http://www.zerodayinitiative.com/advisories/ZDI-17-008
http://www.zerodayinitiative.com/advisories/ZDI-17-009
http://www.zerodayinitiative.com/advisories/ZDI-17-011
http://www.zerodayinitiative.com/advisories/ZDI-17-012
http://www.zerodayinitiative.com/advisories/ZDI-17-013
http://www.zerodayinitiative.com/advisories/ZDI-17-015
http://www.zerodayinitiative.com/advisories/ZDI-17-016
http://www.zerodayinitiative.com/advisories/ZDI-17-017
http://www.zerodayinitiative.com/advisories/ZDI-17-018
http://www.zerodayinitiative.com/advisories/ZDI-17-019
http://www.zerodayinitiative.com/advisories/ZDI-17-020
http://www.zerodayinitiative.com/advisories/ZDI-17-028
http://www.zerodayinitiative.com/advisories/ZDI-17-029
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2017-01-11T04:40:00

Updated: 2024-08-05T14:09:17.757Z

Reserved: 2016-12-02T00:00:00

Link: CVE-2017-2949

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-11T04:59:01.273

Modified: 2017-01-18T02:59:21.767

Link: CVE-2017-2949

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object