|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-09-28 | |
| Rule Name: | Acrobat and Reader addAnnot Use After Free Vulnerability (CVE-2017-11254) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. The vulnerability is due to an error while processing addAnnot() method. Successful exploitation could lead to arbitrary code execution. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | CVE-2017-11254 |
|
| Solutions |
|---|
| Upgrading to version 11.0.21, 2015.006.30352, 2017.011.30059 or 2017.012.20093 eliminates this vulnerability. |