CVE-2017-2957

CVE-2017-2957

Name

CVE-2017-2957

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@adobe.com	http://www.securityfocus.com/bid/95343
psirt@adobe.com	http://www.securitytracker.com/id/1037574
Patch	https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Type

URI

psirt@adobe.com

http://www.securityfocus.com/bid/95343

psirt@adobe.com

http://www.securitytracker.com/id/1037574

Patch

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:adobe:acrobat::::::::`	acrobat	>= None	<= 11.0.18
`cpe:2.3:a:adobe:acrobat_dc:::::classic:::*`	acrobat_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*`	acrobat_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*`	acrobat_reader_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*`	acrobat_reader_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:reader::::::::`	reader	>= None	<= 11.0.18

CPE URI

Source package

Min version

Max version

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

acrobat

>= None

<= 11.0.18

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

acrobat_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

acrobat_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*

acrobat_reader_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

acrobat_reader_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*

reader

>= None

<= 11.0.18

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
reader	edge-community	0.5.0-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.4.5-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages