Lucene search

AdobeCVE-2017-3023

HistoryApr 12, 2017 - 2:59 p.m.

CVE-2017-3023

2017-04-1214:59:01

CWE-119

adobe

web.nvd.nist.gov

adobe

acrobat reader

vulnerability

memory corruption

jpeg 2000

arbitrary code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Nvd

Vulners

Node

applemac_os_x

microsoftwindows

AND

adobeacrobatRange≤11.0.19

adobeacrobat_dcRange≤15.006.30280classic

adobeacrobat_dcRange≤15.023.20070continuous

adobeacrobat_reader_dcRange≤15.006.30280classic

adobeacrobat_reader_dcRange≤15.023.20070continuous

adobereaderRange≤11.0.19

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
adobeacrobat_dc*cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
adobeacrobat_dc*cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
adobeacrobat_reader_dc*cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
adobeacrobat_reader_dc*cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
adobereader*cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
adobe	acrobat	*	cpe:2.3:a:adobe:acrobat::::::::
adobe	acrobat_dc	*	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
adobe	acrobat_dc	*	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
adobe	acrobat_reader_dc	*	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*
adobe	acrobat_reader_dc	*	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*
adobe	reader	*	cpe:2.3:a:adobe:reader::::::::

CNA Affected

[
  {
    "product": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
      }
    ]
  }
]