CVE-2017-11270: Buffer Overflow
First published: Fri Aug 11 2017(Updated: )
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=11.0.0<=11.0.20 | |
| Adobe Acrobat Reader | >=17.011.00000<=17.011.30066 | |
| Adobe Acrobat Reader DC | >=15.006.30060<=15.006.30306 | |
| Adobe Acrobat Reader DC | >=15.007.20033<=17.009.20058 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.00000<=17.011.30066 | |
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30306 | |
| Adobe Acrobat Reader | >=15.007.20033<=17.009.20058 | |
| Adobe Acrobat Reader | >=11.0.0<=11.0.20 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11270?
CVE-2017-11270 is classified as a critical severity vulnerability due to its potential for memory corruption.
How do I fix CVE-2017-11270?
To fix CVE-2017-11270, you should update Adobe Acrobat Reader or Adobe Acrobat DC to the latest version provided by Adobe.
Which versions of Adobe Acrobat are affected by CVE-2017-11270?
CVE-2017-11270 affects Adobe Acrobat Reader versions up to 2017.009.20058 and earlier, as well as Acrobat DC versions up to 15.006.30306 and earlier.
What kind of vulnerability is CVE-2017-11270?
CVE-2017-11270 is a memory corruption vulnerability that occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) private data.
Can CVE-2017-11270 be exploited remotely?
Yes, CVE-2017-11270 can be exploited remotely, making it a serious risk for users of affected Adobe Acrobat products.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0.0
- version/adobe acrobat reader/11.0.20
- version/adobe acrobat reader/17.011.00000
- version/adobe acrobat reader/17.011.30066
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30060
- version/adobe acrobat reader dc/15.006.30306
- version/adobe acrobat reader dc/15.007.20033
- version/adobe acrobat reader dc/17.009.20058
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/17.011.00000
- version/adobe acrobat reader notification manager/17.011.30066
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.006.30306
- version/adobe acrobat reader/15.007.20033
- version/adobe acrobat reader/17.009.20058
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system