CVE-2017-3120

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.

Published: Aug 11, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-3120
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
adobe / acrobat	11.0.0	11.0.21
adobe / acrobat_dc	15.000.0000	15.006.30355
adobe / acrobat_dc	17.000.0000	17.011.30066.x
adobe / acrobat_dc	17.000.0000	17.012.20098
adobe / acrobat_reader_dc	15.000.0000	15.006.30355
adobe / acrobat_reader_dc	17.000.0000	17.011.30066
adobe / acrobat_reader_dc	17.000.0000	17.012.20098
adobe / reader	11.0.0	11.0.21

http://www.securityfocus.com/bid/100182
http://www.securitytracker.com/id/1039098
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Vulnerability Database

289,784

CVE-2017-3120