What is CVE-2017-3037?

CVE-2017-3037 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-04-12.

How severe is CVE-2017-3037?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Adobe Acrobat

CVE-2017-3037

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execut…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (85.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Adobe Acrobat
Adobe Acrobat_dc
Adobe Acrobat_reader_dc
Adobe Reader
Apple Mac_os_x
Microsoft Windows
N/a Adobe Acrobat Reader 11.0.19 And Earlier, 15.006.30280 15.023.20070 Earlier. — versions Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@adobe.com (vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-3037?: CVE-2017-3037 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-04-12.
How severe is CVE-2017-3037?: Critical severity. CVSS v3 base score is 9.8 out of 10.