mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
169 lines
5.9 KiB
JSON
169 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2017-16377",
|
|
"sourceIdentifier": "psirt@adobe.com",
|
|
"published": "2017-12-09T06:29:01.537",
|
|
"lastModified": "2017-12-15T14:53:07.200",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabilidad se debe a un c\u00e1lculo que accede a un puntero que no se ha inicializado en el DLL principal. En este caso, un c\u00e1lculo define una lectura desde una ubicaci\u00f3n de memoria inesperada. Por lo tanto, un atacante podr\u00eda ser capaz de leer secciones de memoria sensibles."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 9.3
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-824"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "11.0.22",
|
|
"matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.0",
|
|
"versionEndIncluding": "17.011.30066",
|
|
"matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
|
|
"versionStartIncluding": "-",
|
|
"versionEndIncluding": "17.012.20098",
|
|
"matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
|
|
"versionStartIncluding": "15.0",
|
|
"versionEndIncluding": "15.006.30355",
|
|
"matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "11.0.22",
|
|
"matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.0",
|
|
"versionEndIncluding": "17.011.30066",
|
|
"matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
|
|
"versionStartIncluding": "-",
|
|
"versionEndIncluding": "17.012.20098",
|
|
"matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
|
|
"versionStartIncluding": "15.0",
|
|
"versionEndIncluding": "15.006.30355",
|
|
"matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/101821",
|
|
"source": "psirt@adobe.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1039791",
|
|
"source": "psirt@adobe.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
|
|
"source": "psirt@adobe.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |