CVE-2017-11308
First published: Sat May 19 2018(Updated: )
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=11.0.0<=11.0.22 | |
| Adobe Acrobat Reader | >=17.011.30066<17.011.30068 | |
| Adobe Acrobat Reader DC | >=15.006.30355<15.006.30392 | |
| Adobe Acrobat Reader DC | >=17.012.20098<18.009.20044 | |
| Adobe Acrobat Reader Notification Manager | >=11.0.0<=11.0.22 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30066<17.011.30068 | |
| Adobe Acrobat Reader | >=15.006.30355<15.006.30392 | |
| Adobe Acrobat Reader | >=17.012.20098<18.009.20044 | |
| macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-11308?
CVE-2017-11308 is considered a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2017-11308?
To fix CVE-2017-11308, upgrade to Adobe Acrobat and Reader versions that are higher than those listed in the vulnerability report.
Which versions are affected by CVE-2017-11308?
CVE-2017-11308 impacts Adobe Acrobat and Reader versions up to 11.0.22, 2017.011.30066, 2015.006.30355, and earlier.
What types of attacks can result from CVE-2017-11308?
Successful exploitation of CVE-2017-11308 can allow attackers to execute arbitrary code in the context of the current user.
Does CVE-2017-11308 affect both Windows and macOS platforms?
CVE-2017-11308 primarily affects Adobe Acrobat software, and it does not impact Windows and macOS operating systems directly.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0.0
- version/adobe acrobat reader/11.0.22
- version/adobe acrobat reader/17.011.30066
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30355
- version/adobe acrobat reader dc/17.012.20098
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/11.0.0
- version/adobe acrobat reader notification manager/11.0.22
- version/adobe acrobat reader notification manager/17.011.30066
- version/adobe acrobat reader/15.006.30355
- version/adobe acrobat reader/17.012.20098
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system