CVE-2017-11220

high-risk

Published 2017-08-11

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.

Do I need to act?

13.2% chance of exploitation in next 30 days

EPSS score — higher than 87% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (7)

Acrobat

Acrobat Dc

Acrobat Reader

Acrobat Reader Dc

Reader

Affected Vendors

Adobe

References (6)

Third Party Advisory http://www.securityfocus.com/bid/100180

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Third Party Advisory http://www.securityfocus.com/bid/100180

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 12/34 · Low

Exposure 14/34 · Moderate