CVE-2017-11232

high-risk

Published 2017-08-11

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.

Do I need to act?

12.4% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (7)

Acrobat

Acrobat Dc

Acrobat Reader

Acrobat Reader Dc

Reader

Affected Vendors

Adobe

References (6)

Third Party Advisory http://www.securityfocus.com/bid/100185

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Third Party Advisory http://www.securityfocus.com/bid/100185

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

/ 100

high-risk

Severity 24/34 · High

Exploitability 12/34 · Low

Exposure 14/34 · Moderate