CVE-2017-11210

moderate-risk

Published 2017-08-11

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.

Do I need to act?

11.5% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (7)

Acrobat

Acrobat Dc

Acrobat Reader

Acrobat Reader Dc

Reader

Affected Vendors

Adobe

References (7)

Third Party Advisory http://www.securityfocus.com/bid/100184

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Third Party Advisory http://www.zerodayinitiative.com/advisories/ZDI-17-578/

Third Party Advisory http://www.securityfocus.com/bid/100184

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 11/34 · Low

Exposure 14/34 · Moderate