CVE-2017-16362 Information

Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions 2017.011.30066 and earlier versions 2015.006.30355 and earlier versions and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin when handling font data. It causes an out of bounds memory access which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads writes or frees potentially leading to code corruption control-flow hijack or an information leak attack.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/102140 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8