First published: Wed Apr 12 2017(Updated: )
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | <=11.0.19 | |
Adobe Acrobat Reader | <=15.006.30280 | |
Adobe Acrobat Reader | <=15.023.20070 | |
Adobe Acrobat Reader Notification Manager | <=15.006.30280 | |
Adobe Acrobat Reader Notification Manager | <=15.023.20070 | |
Adobe Acrobat Reader | <=11.0.19 | |
Apple iOS and macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-3035 is classified as a critical vulnerability due to its potential for arbitrary code execution.
To mitigate CVE-2017-3035, users should update Adobe Acrobat Reader and Acrobat DC to the latest versions.
CVE-2017-3035 affects Adobe Acrobat Reader versions 11.0.19 and earlier, and Acrobat DC versions 15.006.30280 and earlier, among others.
Successful exploitation of CVE-2017-3035 could potentially lead to data loss or compromise of sensitive information.
Yes, CVE-2017-3035 specifically affects Adobe Acrobat Reader and Acrobat DC.