9.3
CVSSv2

CVE-2017-3120

Published: 11/08/2017 Updated: 21/08/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Acrobat Reader 2017.009.20058 and previous versions, 2017.008.30051 and previous versions, 2015.006.30306 and previous versions, and 11.0.20 and previous versions has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.

Affected Products

Vendor Product Versions
AdobeAcrobat11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 11.0.9, 11.0.10, 11.0.11, 11.0.12, 11.0.13, 11.0.14, 11.0.15, 11.0.16, 11.0.17, 11.0.18, 11.0.19, 11.0.20
AdobeAcrobat Dc15.000.0000, 15.006.30033, 15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 17.000.0000, 17.009.20044, 17.009.20058, 17.011.30056, 17.011.30059, 17.011.30065, 17.011.30066, 17.012.20093, 17.012.20095, 17.012.20096
AdobeAcrobat Reader Dc15.000.0000, 15.006.30033, 15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 17.000.0000, 17.009.20044, 17.009.20058, 17.011.30059, 17.011.30065, 17.012.20093, 17.012.20095
AdobeReader11.0.0, 11.0.01, 11.0.02, 11.0.03, 11.0.04, 11.0.05, 11.0.06, 11.0.07, 11.0.08, 11.0.09, 11.0.10, 11.0.11, 11.0.12, 11.0.13, 11.0.14, 11.0.15, 11.0.16, 11.0.17, 11.0.18, 11.0.19, 11.0.20