nvd-json-data-feeds/CVE-2017/CVE-2017-29xx/CVE-2017-2960.json

{
  "id": "CVE-2017-2960",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2017-01-11T04:59:01.883",
  "lastModified": "2017-01-18T02:59:22.453",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Las versiones de Adobe Acrobat Reader 15.020.20042 y anteriores, 15.006.30244 y anteriores, 11.0.18 y anteriores tienen una vulnerabilidad de corrupci\u00f3n de memoria explotable en el motor de conversi\u00f3n de im\u00e1genes, relacionado con el an\u00e1lisis de metadatos EXIF. Una explotaci\u00f3n satisfactoria podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "11.0.18",
              "matchCriteriaId": "591061D5-5A3B-4788-9219-E6A267C7F205"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
              "versionEndIncluding": "15.006.30244",
              "matchCriteriaId": "2DA73DF1-D517-4D01-A901-11C6A410F3F7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "versionEndIncluding": "15.020.20042",
              "matchCriteriaId": "1044057B-3C1D-4920-B16E-11E8F43B416D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
              "versionEndIncluding": "15.006.30244",
              "matchCriteriaId": "65AE21B3-AF0D-480B-9D1A-4D64D2F749D2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "versionEndIncluding": "15.020.20042",
              "matchCriteriaId": "C032D3A4-80F5-4066-97DC-3AED72D6C15A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "11.0.18",
              "matchCriteriaId": "8D7F2E90-F6DF-41A3-A1DB-26058BEA2A02"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/95345",
      "source": "psirt@adobe.com"
    },
    {
      "url": "http://www.securitytracker.com/id/1037574",
      "source": "psirt@adobe.com"
    },
    {
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-024",
      "source": "psirt@adobe.com"
    },
    {
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2017-2960",`
			`"sourceIdentifier": "psirt@adobe.com",`
			`"published": "2017-01-11T04:59:01.883",`
			`"lastModified": "2017-01-18T02:59:22.453",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Las versiones de Adobe Acrobat Reader 15.020.20042 y anteriores, 15.006.30244 y anteriores, 11.0.18 y anteriores tienen una vulnerabilidad de corrupci\u00f3n de memoria explotable en el motor de conversi\u00f3n de im\u00e1genes, relacionado con el an\u00e1lisis de metadatos EXIF. Una explotaci\u00f3n satisfactoria podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "MEDIUM",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
			`"availabilityImpact": "COMPLETE",`
			`"baseScore": 9.3`
			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 8.6,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": true`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-119"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat::::::::",`
			`"versionEndIncluding": "11.0.18",`
			`"matchCriteriaId": "591061D5-5A3B-4788-9219-E6A267C7F205"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_dc:::::classic:::*",`
			`"versionEndIncluding": "15.006.30244",`
			`"matchCriteriaId": "2DA73DF1-D517-4D01-A901-11C6A410F3F7"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*",`
			`"versionEndIncluding": "15.020.20042",`
			`"matchCriteriaId": "1044057B-3C1D-4920-B16E-11E8F43B416D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*",`
			`"versionEndIncluding": "15.006.30244",`
			`"matchCriteriaId": "65AE21B3-AF0D-480B-9D1A-4D64D2F749D2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*",`
			`"versionEndIncluding": "15.020.20042",`
			`"matchCriteriaId": "C032D3A4-80F5-4066-97DC-3AED72D6C15A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:reader::::::::",`
			`"versionEndIncluding": "11.0.18",`
			`"matchCriteriaId": "8D7F2E90-F6DF-41A3-A1DB-26058BEA2A02"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:o:apple:mac_os_x::::::::",`
			`"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"`
			`},`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:o:microsoft:windows::::::::",`
			`"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://www.securityfocus.com/bid/95345",`
			`"source": "psirt@adobe.com"`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1037574",`
			`"source": "psirt@adobe.com"`
			`},`
			`{`
			`"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-024",`
			`"source": "psirt@adobe.com"`
			`},`
			`{`
			`"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",`
			`"source": "psirt@adobe.com",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`