|
|||
Rule General Information |
---|
Release Date: | 2017-09-28 | |
Rule Name: | Acrobat and Reader addAnnot Use After Free Vulnerability (CVE-2017-11254) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. The vulnerability is due to an error while processing addAnnot() method. Successful exploitation could lead to arbitrary code execution. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows | |
Reference: | CVE-2017-11254 |
|
Solutions |
---|
Upgrading to version 11.0.21, 2015.006.30352, 2017.011.30059 or 2017.012.20093 eliminates this vulnerability. |