HTTP: Adobe Acrobat CVE-2017-16381 Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat. A successful attack can lead to arbitrary code execution.
Extended Description
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Affected Products
Adobe acrobat_dc
References
CVE: CVE-2017-16381
Short Name
HTTP:STC:ADOBE:CVE-2017-16381CE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat Adobe CVE-2017-16381 Code Execution Remote
Release Date
11/21/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Adobe
CVSS Score
9.3