TTCSIRT-061.111517: TT-CSIRT Advisory – Adobe Security Updates

TTCSIRT-061.111517: TT-CSIRT Advisory – Adobe Security Updates

Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

a) Two access of uninitialized point vulnerabilities that could result in remote could execution – (CVE-2017-16377, CVE-2017-16378)

b) Six use after free vulnerabilities that could result in remote code execution – (CVE-2017-16360, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16393, CVE-2017-16398)

c) Five buffer access with incorrect length value vulnerabilities that could result in remote code execution – (CVE-2017-16381, CVE-2017-16385, CVE-2017-16392, CVE-2017-16395, CVE-2017-16396)

d) Six buffer over-read vulnerabilities that could result in remote code execution – (CVE-2017-16363, CVE-2017-16365, CVE-2017-16374, CVE-2017-16384, CVE-2017-16386, CVE-2017-16387)

e) A buffer overflow vulnerability that could result in remote code execution – (CVE-2017-16368)

f) A heap overflow vulnerability that could result in remote code execution – (CVE-2017-16383)

g) Two improper validation of array index vulnerabilities that could result in remote code execution – (CVE-2017-16391, CVE-2017-16410)

h) Multiple out-of-bounds read vulnerabilities that could result in remote code execution – (CVE-2017-16362, CVE-2017-16370, CVE-2017-16376, CVE-2017-16382, CVE-2017-16394, CVE-2017-16397, CVE-2017-16399, CVE-2017-16400, CVE-2017-16401, CVE-2017-16402, CVE-2017-16403, CVE-2017-16404, CVE-2017-16405, CVE-2017-16408, CVE-2017-16409, CVE-2017-16412, CVE-2017-16414, CVE-2017-16417, CVE-2017-16418, CVE-2017-16420, CVE-2017-11293)

i) Four out-of-bounds write vulnerabilities that could result in remote code execution – (CVE-2017-16407, CVE-2017-16413, CVE-2017-16415, CVE-2017-16416)

j) Two security bypass vulnerabilities that could result in drive-by-downloads – (CVE-2017-16361, CVE-2017-16366)

k) A security bypass vulnerability that could result in information disclosure – (CVE-2017-16369)

l) A security bypass vulnerability that could result in remote code execution – (CVE-2017-16380)

m) A stack exhaustion vulnerability that could result in excessive resource consumption – (CVE-2017-16419)

n) Three type confusion vulnerabilities that could result in remote code execution – (CVE-2017-16367, CVE-2017-16379, CVE-2017-16406)

o) Six untrusted pointer dereference vulnerabilities that could result in remote code execution – (CVE-2017-16364, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16375, CVE-2017-16411)

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-acrobat-and-adobe-reader-could-allow-for-remote-code-execution-apsb17-36_2017-113/