admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-163xx/CVE-2017-16380.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

169 lines
6.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-16380",
"sourceIdentifier": "psirt@adobe.com",
"published": "2017-12-09T06:29:01.647",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabilidad es un ejemplo de omisi\u00f3n de seguridad para cierta extensi\u00f3n de tipo de archivo. Acrobat mantiene tanto una lista negra como una blanca (el usuario puede especificar un adjunto permitido). Sin embargo, cualquier extensi\u00f3n de archivo que no est\u00e9 ni en la lista negra ni en la blanca puede ser abierto tras mostrar un mensaje de advertencia."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.0.22",
"matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndIncluding": "17.011.30066",
"matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "-",
"versionEndIncluding": "17.012.20098",
"matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "15.0",
"versionEndIncluding": "15.006.30355",
"matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.0.22",
"matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndIncluding": "17.011.30066",
"matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "-",
"versionEndIncluding": "17.012.20098",
"matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "15.0",
"versionEndIncluding": "15.006.30355",
"matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/101814",
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1039791",
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink