cnvd - cnvd-2017-25783

CNVD-2017-25783

Vulnerability from cnvd - Published: 2017-09-08

Title

Adobe Acrobat/Reader内存破坏漏洞（CNVD-2017-25783）

Description

Adobe Reader/Acrobat是一款流行的处理PDF文件的应用程序。 Adobe Reader/Acrobat存在内存破坏漏洞。允许攻击者构建恶意PDF文件，诱使用户解析，可使应用程序崩溃或执行任意的代码。

Severity

高

Patch Name

Adobe Acrobat/Reader内存破坏漏洞（CNVD-2017-25783）的补丁

Patch Description

Adobe Reader/Acrobat是一款流行的处理PDF文件的应用程序。 Adobe Reader/Acrobat存在内存破坏漏洞。允许攻击者构建恶意PDF文件，诱使用户解析，可使应用程序崩溃或执行任意的代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Reference

http://securitytracker.com/id/1039098 http://www.securityfocus.com/bid/100179

Impacted products

Name
['Adobe Acrobat reader <=2017.009.20058', 'Adobe Acrobat reader <=2017.008.30051', 'Adobe Acrobat reader <=2015.006.30306', 'Adobe Acrobat reader <=11.0.20']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100179"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11234",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11234"
    }
  },
  "description": "Adobe Reader/Acrobat\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5904\u7406PDF\u6587\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nAdobe Reader/Acrobat\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fPDF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u3002",
  "discovererName": "riusksk of Tencent Security Platform Department, Toan Pham, Jihui Lu of Tencent KeenLab, Ke Liu of Tencent\u0027s Xuanwu LAB working with Trend Micro\u0027s Zero Day Initiative and Steven Seeley (mr_me) of Offensive Security, Heige (a.k.a. SuperHei), kdot working wi",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-25783",
  "openTime": "2017-09-08",
  "patchDescription": "Adobe Reader/Acrobat\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5904\u7406PDF\u6587\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nAdobe Reader/Acrobat\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fPDF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Acrobat/Reader\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-25783\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Acrobat reader \u003c=2017.009.20058",
      "Adobe Acrobat reader  \u003c=2017.008.30051",
      "Adobe Acrobat reader  \u003c=2015.006.30306",
      "Adobe Acrobat reader  \u003c=11.0.20"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1039098\r\nhttp://www.securityfocus.com/bid/100179",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-09",
  "title": "Adobe Acrobat/Reader\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-25783\uff09"
}

CVE-2017-11234 (GCVE-0-2017-11234)

Vulnerability from cvelistv5 – Published: 2017-08-11 19:00 – Updated: 2024-09-16 19:11

Summary

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Memory Corruption

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/acrobat…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039098	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100179	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Adobe Systems Incorporated	Acrobat Reader	Affected: 2017.009.20058 and earlier Affected: 2017.008.30051 and earlier Affected: 2015.006.30306 and earlier Affected: 11.0.20 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:05:29.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
          },
          {
            "name": "1039098",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039098"
          },
          {
            "name": "100179",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100179"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Acrobat Reader",
          "vendor": "Adobe Systems Incorporated",
          "versions": [
            {
              "status": "affected",
              "version": "2017.009.20058 and earlier"
            },
            {
              "status": "affected",
              "version": "2017.008.30051 and earlier"
            },
            {
              "status": "affected",
              "version": "2015.006.30306 and earlier"
            },
            {
              "status": "affected",
              "version": "11.0.20 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-12T09:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
        },
        {
          "name": "1039098",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039098"
        },
        {
          "name": "100179",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100179"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2017-08-08T00:00:00",
          "ID": "CVE-2017-11234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Acrobat Reader",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.009.20058 and earlier"
                          },
                          {
                            "version_value": "2017.008.30051 and earlier"
                          },
                          {
                            "version_value": "2015.006.30306 and earlier"
                          },
                          {
                            "version_value": "11.0.20 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe Systems Incorporated"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
            },
            {
              "name": "1039098",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039098"
            },
            {
              "name": "100179",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100179"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2017-11234",
    "datePublished": "2017-08-11T19:00:00Z",
    "dateReserved": "2017-07-13T00:00:00",
    "dateUpdated": "2024-09-16T19:11:01.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-25783

CVE-2017-11234 (GCVE-0-2017-11234)

Tags

Sightings

Nomenclature