Description
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.
Below is a complete list of vulnerabilities:
- A type confusion vulnerability in the XSLT engine related to localization functionality can be exploited remotely to execute arbitrary code;
- Use-after-free vulnerabilities in the XFA engine, related to layout functionality, sub-form functionality and validation functionality, can be exploited remotely to execute arbitrary code;
- Use-after-free vulnerabilities in the JavaScript engine can be exploited remotely to execute arbitrary code;
- Heap buffer overflow vulnerabilities while processing and parsing TIFF image data can be exploited remotely to execute arbitrary code;
- A heap buffer overflow vulnerability while parsing the segment for storing non-graphic information can be exploited remotely to execute arbitrary code;
- A heap buffer overflow vulnerability in the XSLT engine can be exploited remotely to execute arbitrary code;
- Heap buffer overflow vulnerabilities in the image conversion engine, related to parsing of color profile metadata and parsing of malformed TIFF segments, can be exploited remotely to execute arbitrary code;
- Buffer overflow/underflow vulnerabilities in the XFA engine and the image conversion module related to parsing tags in TIFF files can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerabilities in processing a malformed cross-reference table, JPEG 2000 files, Compact Format data and tags in TIFF images can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerabilities in parsing of a crafted TIFF image and in the image conversion module when processing TIFF image files or handling malformed ones can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerabilities in the image conversion engine, related to parsing of EXIF (JPEG EXIF) metadata, TIFF file parsing and handling of the color profile in a TIFF file, can be exploited remotely to execute arbitrary code;
- A memory corruption vulnerability in the XFA engine related to the structure and organization of a form can be exploited remotely to execute arbitrary code;
- A vulnerability occurring while manipulating Form Data Format (FDF) can be exploited remotely to bypass security restrictions;
- Heap buffer overflow vulnerabilities in the JPEG decoder routine and in the XSLT engine related to template manipulation can be exploited remotely to execute arbitrary code;
- A memory corruption vulnerability in the image conversion module related to JPEG parsing can be exploited remotely to execute arbitrary code.
NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.
NB: At this moment Adobe has just reserved CVE numbers for some of these vulnerabilities. This information may change soon.
Original advisories
CVE list
- CVE-2017-2939 critical
- CVE-2017-2940 critical
- CVE-2017-2941 critical
- CVE-2017-2942 critical
- CVE-2017-2943 critical
- CVE-2017-2944 critical
- CVE-2017-2945 critical
- CVE-2017-2946 critical
- CVE-2017-2947 critical
- CVE-2017-2948 critical
- CVE-2017-2972 critical
- CVE-2017-2971 critical
- CVE-2017-2970 critical
- CVE-2017-2967 critical
- CVE-2017-2966 critical
- CVE-2017-2965 critical
- CVE-2017-2964 critical
- CVE-2017-2963 critical
- CVE-2017-2962 critical
- CVE-2017-2961 critical
- CVE-2017-2960 critical
- CVE-2017-2959 critical
- CVE-2017-2958 critical
- CVE-2017-2957 critical
- CVE-2017-2956 critical
- CVE-2017-2955 critical
- CVE-2017-2954 critical
- CVE-2017-2953 critical
- CVE-2017-2952 critical
- CVE-2017-2951 critical
- CVE-2017-2950 critical
- CVE-2017-2949 critical