Vulnerability CVE-2017-16368 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

8.8high3.x

0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x

8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.

Sources

nvd

CWEs

CWE-119

Vulnerable Software (4)

Type: Configuration

Vendor: adobe

Product: acrobat

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:a...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: adobe

Product: acrobat_dc

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:a...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: adobe

Product: acrobat_reader

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:a...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: adobe

Product: acrobat_reader_dc

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:a...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.0.22",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",      "versionEndIncluding": "17.011.30066",      "versionStartIncluding": "17.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",      "versionEndIncluding": "17.012.20098",      "versionStartIncluding": "-",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",      "versionEndIncluding": "15.006.30355",      "versionStartIncluding": "15.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2017-16368

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Vulnerable Software (4)