Adobe Acrobat and Reader APSB17-11 Use-After-Free Multiple Remote Code Execution Vulnerabilities

Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Information

Bugtraq ID: 97550
Class: Unknown
CVE: CVE-2017-3014
CVE-2017-3026
CVE-2017-3027
CVE-2017-3035
CVE-2017-3047
CVE-2017-3057

Remote: Yes
Local: No
Published: Apr 06 2017 12:00AM
Updated: Apr 13 2017 12:03AM
Credit: Anonymously reported via iDefense Vulnerability Contributor Program, Steven Seeley (mr_me) of Offensive Security, Sebastian Apelt (Siberas) working with Trend Micro's Zero Day Initiative, Keen Team working with Trend Micro's Zero Day Initiative.
Vulnerable: Adobe Reader 11.0.19
Adobe Reader 11.0.18
Adobe Reader 11.0.17
Adobe Reader 11.0.16
Adobe Reader 11.0.12
Adobe Reader 11.0.11
Adobe Reader 11.0.7
Adobe Reader 11.0.6
Adobe Reader 11.0.4
Adobe Reader 11.0.3
Adobe Reader 11.0.1
Adobe Reader 11.0.15
Adobe Reader 11.0.14
Adobe Reader 11.0.13
Adobe Reader 11.0.10
Adobe Reader 11.0.09
Adobe Reader 11.0.08
Adobe Reader 11.0.05
Adobe Reader 11.0
Adobe Acrobat Reader DC 2015.8.20082
Adobe Acrobat Reader DC 2015.6.30060
Adobe Acrobat Reader DC 15.23.20070
Adobe Acrobat Reader DC 15.23.20053
Adobe Acrobat Reader DC 15.20.20042
Adobe Acrobat Reader DC 15.20.20039
Adobe Acrobat Reader DC 15.17.20053
Adobe Acrobat Reader DC 15.17.20050
Adobe Acrobat Reader DC 15.16.20045
Adobe Acrobat Reader DC 15.16.20039
Adobe Acrobat Reader DC 15.10.20060
Adobe Acrobat Reader DC 15.10.20059
Adobe Acrobat Reader DC 15.9.20077
Adobe Acrobat Reader DC 15.6.30280
Adobe Acrobat Reader DC 15.6.30279
Adobe Acrobat Reader DC 15.6.30244
Adobe Acrobat Reader DC 15.6.30243
Adobe Acrobat Reader DC 15.6.30201
Adobe Acrobat Reader DC 15.6.30198
Adobe Acrobat Reader DC 15.6.30174
Adobe Acrobat Reader DC 15.6.30172
Adobe Acrobat Reader DC 15.6.30121
Adobe Acrobat Reader DC 15.6.30097
Adobe Acrobat Reader DC 2015.009.20069
Adobe Acrobat Reader DC 2015.007.20033
Adobe Acrobat Reader DC 2015.006.30094
Adobe Acrobat Reader DC 2015.006.30033
Adobe Acrobat Reader DC 15.010.20056
Adobe Acrobat Reader DC 15.006.30119
Adobe Acrobat DC 15.23.20070
Adobe Acrobat DC 15.23.20053
Adobe Acrobat DC 15.20.20042
Adobe Acrobat DC 15.20.20039
Adobe Acrobat DC 15.17.20053
Adobe Acrobat DC 15.17.20050
Adobe Acrobat DC 15.16.20045
Adobe Acrobat DC 15.16.20039
Adobe Acrobat DC 15.10.20060
Adobe Acrobat DC 15.10.20059
Adobe Acrobat DC 15.9.20077
Adobe Acrobat DC 15.6.30280
Adobe Acrobat DC 15.6.30279
Adobe Acrobat DC 15.6.30244
Adobe Acrobat DC 15.6.30243
Adobe Acrobat DC 15.6.30201
Adobe Acrobat DC 15.6.30198
Adobe Acrobat DC 15.6.30174
Adobe Acrobat DC 15.6.30172
Adobe Acrobat DC 15.6.30121
Adobe Acrobat DC 15.6.30097
Adobe Acrobat DC 2015.009.20069
Adobe Acrobat DC 2015.008.20082
Adobe Acrobat DC 2015.007.20033
Adobe Acrobat DC 2015.006.30094
Adobe Acrobat DC 2015.006.30060
Adobe Acrobat DC 2015.006.30033
Adobe Acrobat DC 15.010.20056
Adobe Acrobat DC 15.006.30119
Adobe Acrobat 11.0.19
Adobe Acrobat 11.0.18
Adobe Acrobat 11.0.17
Adobe Acrobat 11.0.16
Adobe Acrobat 11.0.11
Adobe Acrobat 11.0.7
Adobe Acrobat 11.0.6
Adobe Acrobat 11.0.6
Adobe Acrobat 11.0.4
Adobe Acrobat 11.0.2
Adobe Acrobat 11.0
Adobe Acrobat 11.0.9
Adobe Acrobat 11.0.7
Adobe Acrobat 11.0.3
Adobe Acrobat 11.0.15
Adobe Acrobat 11.0.14
Adobe Acrobat 11.0.13
Adobe Acrobat 11.0.12
Adobe Acrobat 11.0.10
Adobe Acrobat 11.0.1
Adobe Acrobat 11.0.09
Adobe Acrobat 11.0.08
Adobe Acrobat 11.0

Not Vulnerable: Adobe Reader 11.0.20
Adobe Acrobat Reader DC 2017.9.20044
Adobe Acrobat Reader DC 2015.6.30306
Adobe Acrobat DC 2017.9.20044
Adobe Acrobat DC 2015.6.30306
Adobe Acrobat 11.0.20

References:

• Adobe Homepage (Adobe)
  
• APSB17-11: Security Updates Available for Adobe Acrobat and Reader (Adobe)
  

Source: www.securityfocus.com