What is CVE-2017-3010?

CVE-2017-3010 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-03-31.

How severe is CVE-2017-3010?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Adobe Acrobat

CVE-2017-3010

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code executi…

Vulnerability class: Buffer Overflow

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Adobe Acrobat
Adobe Acrobat_dc
Adobe Acrobat_reader_dc
Adobe Reader
Apple Macos
Microsoft Windows
N/a Adobe Acrobat Reader 15.020.20042 And Earlier, 15.006.30244 11.0.18 Earlier. — versions Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-3010?: CVE-2017-3010 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-03-31.
How severe is CVE-2017-3010?: Critical severity. CVSS v3 base score is 9.8 out of 10.