First published: Fri Aug 11 2017(Updated: )
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | >=11.0.0<=11.0.20 | |
Adobe Acrobat Reader | >=17.011.00000<=17.011.30066 | |
Adobe Acrobat Reader | >=15.006.30060<=15.006.30306 | |
Adobe Acrobat Reader | >=15.007.20033<=17.009.20058 | |
Adobe Acrobat Reader Notification Manager | >=17.011.00000<=17.011.30066 | |
Adobe Acrobat Reader Notification Manager | >=15.006.30060<=15.006.30306 | |
Adobe Acrobat Reader Notification Manager | >=15.007.20033<=17.009.20058 | |
Adobe Acrobat Reader | >=11.0.0<=11.0.20 | |
Apple iOS and macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11251 is classified as a critical vulnerability due to the potential for arbitrary code execution.
To mitigate CVE-2017-11251, users should update Adobe Acrobat Reader and Acrobat DC to the latest version provided by Adobe.
CVE-2017-11251 affects Adobe Acrobat Reader versions up to 11.0.20, Acrobat DC up to versions 15.006.30306 and 17.009.20058, along with other specified versions.
Successful exploitation of CVE-2017-11251 can lead to arbitrary code execution, potentially allowing attackers to take control of affected systems.
There are no known workarounds for CVE-2017-11251 other than applying the available security updates from Adobe.