CVE-2017-3116

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.

Published: Aug 11, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-3116
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
adobe / acrobat	11.0.0	11.0.21
adobe / acrobat_dc	15.000.0000	15.006.30355
adobe / acrobat_dc	17.000.0000	17.011.30066.x
adobe / acrobat_dc	17.000.0000	17.012.20098
adobe / acrobat_reader_dc	15.000.0000	15.006.30355
adobe / acrobat_reader_dc	17.000.0000	17.011.30066
adobe / acrobat_reader_dc	17.000.0000	17.012.20098
adobe / reader	11.0.0	11.0.21

http://www.securityfocus.com/bid/100179
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Vulnerability Database

289,697

CVE-2017-3116