CVE-2017-11219

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.

Published: Aug 11, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-11219
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
adobe / acrobat	11.0.0	11.0.20.x
adobe / acrobat	17.011.00000	17.011.30066.x
adobe / acrobat_dc	15.006.30060	15.006.30306.x
adobe / acrobat_dc	15.007.20033	17.009.20058.x
adobe / acrobat_reader	17.011.00000	17.011.30066.x
adobe / acrobat_reader_dc	15.006.30060	15.006.30306.x
adobe / acrobat_reader_dc	15.007.20033	17.009.20058.x
adobe / reader	11.0.0	11.0.20.x

http://www.securityfocus.com/bid/100182
http://www.securitytracker.com/id/1039098
http://www.zerodayinitiative.com/advisories/ZDI-17-585/
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Vulnerability Database

289,697

CVE-2017-11219