Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-55


Adobe Acrobat/Reader Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information Disclosure and Execute Arbitrary Code
Severity Rating: Medium
Systems Affected:
  • Acrobat DC 15.023.20070 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC 15.023.20070 and earlier versions for Windows and Macintosh
  • Acrobat DC 15.006.30280 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC 15.006.30280 and earlier versions for Windows and Macintosh
  • Acrobat XI 11.0.19 and earlier versions for Windows and Macintosh
  • Reader XI 11.0.19 and earlier versions for Windows and Macintosh
Description
Multiple vulnerabilities have been reported in Adobe Acrobat/Reader and they can be exploited by remote attackers to cause arbitrary code to be executed on the target user’s system and obtain potentially sensitive information on the target system. The vulnerabilities reported are as follows:
 
·         A use-after-free memory errors may occur
·         A heap buffer overflows may occur
·         A memory corruption errors may occur
·         An integer overflows may occur
·         A directory search path errors may occur
·         A vulnerability occurs that can allow a remote user to send a specially crafted request to trigger a memory corruption error and view potentially sensitive memory address information on the target system
 
Successful exploitation of these vulnerabilities can allow a remote attacker to create specially crafted content that when loaded by the target user will execute arbitrary code on the target user's system.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
Vendor Information
Adobe
 
CVE Information
 
List of other CVE Information is available on:
 
References
Security Tracker
 
Adobe Security Bulletin
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis