CVSS: 9.3EPSS: 10%CPEs: 8EXPL: 0CVE-2017-16397 – Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHDIBITS cySrc Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-16397
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/102140 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 2%CPEs: 8EXPL: 0CVE-2017-16368 – Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-16368
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101816 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-16370
https://notcve.org/view.php?id=CVE-2017-16370
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/102140 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-16389
https://notcve.org/view.php?id=CVE-2017-16389
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101818 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-16360
https://notcve.org/view.php?id=CVE-2017-16360
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101818 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-416: Use After Free •