CVE-2017-3124

high-risk

Published 2017-08-11

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.

Do I need to act?

11.5% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Acrobat

Acrobat Dc

Acrobat Reader Dc

Reader

Affected Vendors

Adobe

References (6)

Third Party Advisory http://www.securityfocus.com/bid/100179

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Third Party Advisory http://www.securityfocus.com/bid/100179

Third Party Advisory http://www.securitytracker.com/id/1039098

Patch https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 13/34 · Low