First published: Fri Aug 11 2017(Updated: )
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | >=11.0.0<11.0.21 | |
Adobe Acrobat Reader | >=15.000.0000<15.006.30355 | |
Adobe Acrobat Reader | >=17.000.0000<=17.011.30066 | |
Adobe Acrobat Reader | >=17.000.0000<17.012.20098 | |
Adobe Acrobat Reader Notification Manager | >=15.000.0000<15.006.30355 | |
Adobe Acrobat Reader Notification Manager | >=17.000.0000<17.011.30066 | |
Adobe Acrobat Reader Notification Manager | >=17.000.0000<17.012.20098 | |
Adobe Acrobat Reader | >=11.0.0<11.0.21 | |
Apple iOS and macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-3124 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.
To fix CVE-2017-3124, users should update their Adobe Acrobat Reader or Adobe Acrobat DC to the latest version available.
CVE-2017-3124 affects Adobe Acrobat Reader versions before 11.0.21 and Adobe Acrobat DC versions prior to 17.012.20098.
Successful exploitation of CVE-2017-3124 can lead to arbitrary code execution, allowing attackers to execute malicious code on the affected system.
There are no known effective workarounds for CVE-2017-3124, and the best course of action is to apply the required updates.