Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader

Apr 12, 2017

OVERVIEW:

Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system.  Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

SYSTEMS AFFECTED:

Continuous Track:

  • Adobe Acrobat DC versions 15.023.20070 and prior for Windows and Macintosh
  • Adobe Acrobat Reader DC versions 15.023.20070 and prior for Windows and Macintosh

Classic Track:

  • Adobe Acrobat DC versions 15.006.30280 and prior for Windows and Macintosh
  • Adobe Acrobat Reader DC versions 15.006.30280 and prior for Windows and Macintosh

Desktop Track:

  • Adobe Acrobat XI versions 11.0.19 and prior for Windows and Macintosh
  • Adobe Reader XI versions 11.0.19 and prior for Windows and Macintosh
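The version ceilings above can be checked against a software inventory. The following is an added example, not part of the original alert: the CSV column names, host names and sample versions are constructed, and the track of each install is assumed to be recorded in the inventory. Because the alert lists only the last affected builds, a host is flagged when its version is at or below that build for its track, and rows that cannot be parsed are set aside for manual review rather than treated as patched.

```python
import csv
import io

# Last affected build per track, taken from the SYSTEMS AFFECTED list above.
LAST_AFFECTED = {
    "continuous": (15, 23, 20070),
    "classic": (15, 6, 30280),
    "desktop": (11, 0, 19),
}

def parse_version(text):
    """Turn '15.023.20070' into (15, 23, 20070); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(track, version):
    """True when version is at or below the last affected build for the track."""
    return parse_version(version) <= LAST_AFFECTED[track.strip().lower()]

def triage(inventory_csv):
    """Return (needs_update, needs_review) host lists from CSV text."""
    needs_update, needs_review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if is_affected(row["track"], row["version"]):
                needs_update.append(row["host"])
        except (KeyError, ValueError, AttributeError):
            # Unknown track or unparsable version: never assume it is patched.
            needs_review.append(row["host"])
    return needs_update, needs_review

# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE = """host,product,track,version
ws-001,Acrobat Reader DC,Continuous,15.023.20070
ws-002,Acrobat Reader DC,Continuous,15.023.20071
ws-003,Acrobat DC,Classic,15.006.30280
ws-004,Reader XI,Desktop,11.0.18
ws-005,Acrobat DC,Classic,unknown
ws-006,Reader XI,Desktop,11.0.20
"""

if __name__ == "__main__":
    update, review = triage(SAMPLE)
    print("update:", update)
    print("review:", review)
```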

RISK:

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for code execution. The vulnerabilities are as follows:

  • Six use-after-free vulnerabilities that could lead to code execution (CVE-2017-3014, CVE-2017-3026, CVE-2017-3027, CVE-2017-3035, CVE-2017-3047, CVE-2017-3057).
  • Four heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049, CVE-2017-3055).
  • Twenty-one memory corruption vulnerabilities that could lead to code execution (CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3028, CVE-2017-3030, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3044, CVE-2017-3050, CVE-2017-3051, CVE-2017-3054, CVE-2017-3056, CVE-2017-3065).
  • Two integer overflow vulnerabilities that could lead to code execution (CVE-2017-3011, CVE-2017-3034).
  • Twelve memory corruption vulnerabilities that could lead to a memory address leak (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3029, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3043, CVE-2017-3045, CVE-2017-3046, CVE-2017-3052, CVE-2017-3053).
  • Two vulnerabilities in the directory search path used to find resources that could lead to code execution (CVE-2017-3012, CVE-2017-3013).

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system.  Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install the updates provided by Adobe immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Adobe:

https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/whatsnewdc.html

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3011

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3012

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3013

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3014

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3015

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3017

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3018

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3019

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3020

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3021

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3022

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3023

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3024

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3025

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3026

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3027

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3028

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3029

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3030

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3031

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3032

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3033

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3034

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3035

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3036

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3037

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3038

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3039

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3040

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3041

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3042

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3043

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3044

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3045

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3046

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3047

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3048

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3049

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3050

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3051

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3052

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3053

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3054

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3055

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3056

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3057

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3065

For more information on this alert, please contact Accume Partners.