Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution (APSB17-36)

ITS Advisory Number: 2017-115
Date(s) Issued: Wednesday, November 15, 2017
Subject: Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution (APSB17-36)
Overview: 

Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for remote code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 

Continuous Track:

  • Adobe Acrobat DC versions 2017.012.20098 and prior for Windows and Macintosh
  • Adobe Acrobat Reader DC versions 2017.012.20098 and prior for Windows and Macintosh

Acrobat 2017:

  • Acrobat 2017 versions 2017.011.30066 and prior for Windows and Macintosh
  • Acrobat Reader 2017 versions 2017.011.30066 and prior for Windows and Macintosh

Classic Track:

  • Adobe Acrobat DC versions 2015.006.30355 and prior for Windows and Macintosh
  • Adobe Acrobat Reader DC versions 2015.006.30355 and prior for Windows and Macintosh

Desktop Track:

  • Adobe Acrobat XI versions 11.0.22 and prior for Windows and Macintosh
  • Adobe Reader XI versions 11.0.22 and prior for Windows and Macintosh
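The version lists above are what an asset owner has to compare an inventory against, and the "and prior" thresholds differ per track. The following is an added example (not part of this advisory and not Adobe's code) that encodes those four thresholds and flags inventory rows that still need the APSB17-36 update. The inventory lines are constructed sample data, and the rule that infers a release track from the version prefix (11.x is XI, 2015.006.x is Classic, 2017.011.x is Acrobat/Reader 2017, other year-prefixed versions are Continuous) is an assumption of this example; an inventory that records the track directly should use that field instead.

```python
"""Flag installed Acrobat/Reader versions at or below the APSB17-36 thresholds.

Added example for this advisory, not code from the advisory or from Adobe.
Thresholds come from the Systems Affected list; SAMPLE_INVENTORY is
constructed data; infer_track() encodes an assumption about version prefixes.
"""
from typing import List, Optional, Tuple

# Highest affected ("and prior") version per track, from Systems Affected.
AFFECTED_MAX = {
    "Continuous": (2017, 12, 20098),    # Acrobat DC / Acrobat Reader DC
    "Acrobat 2017": (2017, 11, 30066),  # Acrobat 2017 / Acrobat Reader 2017
    "Classic": (2015, 6, 30355),        # Acrobat DC / Acrobat Reader DC (Classic)
    "Desktop": (11, 0, 22),             # Acrobat XI / Reader XI
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2017.012.20098' into (2017, 12, 20098); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def infer_track(version: Tuple[int, ...]) -> Optional[str]:
    """Map a version prefix to a release track (assumption, see module docstring)."""
    if version[0] == 11:
        return "Desktop"
    if version[:2] == (2015, 6):
        return "Classic"
    if version[:2] == (2017, 11):
        return "Acrobat 2017"
    if version[0] >= 2015:
        return "Continuous"
    return None  # not a product line this advisory covers


def is_affected(version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, track). Tuple comparison is numeric per component, so
    '2017.012.20098' compares equal to the threshold and '2017.012.20099' is
    above it; a truncated version such as '11.0' sorts below '11.0.22' and is
    therefore treated as affected, which is the conservative choice."""
    version = parse_version(version_text)
    track = infer_track(version)
    if track is None:
        return False, None
    return version <= AFFECTED_MAX[track], track


# Constructed sample inventory (hostname,product,version); not real hosts.
SAMPLE_INVENTORY = """\
# host,product,version
ws-101,Adobe Acrobat Reader DC,2017.012.20098
ws-102,Adobe Acrobat Reader DC,2018.001.10000
ws-103,Adobe Acrobat DC,2015.006.30355
ws-104,Adobe Acrobat 2017,2017.011.30066
ws-105,Adobe Reader XI,11.0.22
ws-106,Adobe Reader XI,11.0.23
ws-107,Adobe Acrobat DC,2015.006.30400
ws-108,Adobe Acrobat Reader DC,not-a-version
"""


def hosts_needing_update(inventory_csv: str) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, track) for every affected install."""
    hits = []
    for line in inventory_csv.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        try:
            host, product, version = (f.strip() for f in line.split(",", 2))
            affected, track = is_affected(version)
        except ValueError:
            continue  # malformed row; a production tool would log it for review
        if affected:
            hits.append((host, product, version, track))
    return hits


if __name__ == "__main__":
    for host, product, version, track in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} ({track} track) needs the APSB17-36 update")
```

Rows that cannot be parsed are skipped rather than silently marked safe, so a real deployment should surface them; a host whose version cannot be read is unverified, not patched.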

RISK

GOVERNMENT
Large and medium government entities: High
Small government entities: Medium

BUSINESS
Large and medium business entities: High
Small business entities: Medium

Home Users: Low
Description: 

Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Two access of uninitialized pointer vulnerabilities that could result in remote code execution (CVE-2017-16377, CVE-2017-16378).
  • Six use after free vulnerabilities that could result in remote code execution (CVE-2017-16360, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16393, CVE-2017-16398).
  • Five buffer access with incorrect length value vulnerabilities that could result in remote code execution (CVE-2017-16381, CVE-2017-16385, CVE-2017-16392, CVE-2017-16395, CVE-2017-16396).
  • Six buffer over-read vulnerabilities that could result in remote code execution (CVE-2017-16363, CVE-2017-16365, CVE-2017-16374, CVE-2017-16384, CVE-2017-16386, CVE-2017-16387).
  • A buffer overflow vulnerability that could result in remote code execution (CVE-2017-16368).
  • A heap overflow vulnerability that could result in remote code execution (CVE-2017-16383).
  • Two improper validation of array index vulnerabilities that could result in remote code execution (CVE-2017-16391, CVE-2017-16410).
  • Multiple out-of-bounds read vulnerabilities that could result in remote code execution (CVE-2017-16362, CVE-2017-16370, CVE-2017-16376, CVE-2017-16382, CVE-2017-16394, CVE-2017-16397, CVE-2017-16399, CVE-2017-16400, CVE-2017-16401, CVE-2017-16402, CVE-2017-16403, CVE-2017-16404, CVE-2017-16405, CVE-2017-16408, CVE-2017-16409, CVE-2017-16412, CVE-2017-16414, CVE-2017-16417, CVE-2017-16418, CVE-2017-16420, CVE-2017-11293).
  • Four out-of-bounds write vulnerabilities that could result in remote code execution (CVE-2017-16407, CVE-2017-16413, CVE-2017-16415, CVE-2017-16416).
  • Two security bypass vulnerabilities that could result in drive-by-downloads (CVE-2017-16361, CVE-2017-16366).
  • A security bypass vulnerability that could result in information disclosure (CVE-2017-16369).
  • A security bypass vulnerability that could result in remote code execution (CVE-2017-16380).
  • A stack exhaustion vulnerability that could result in excessive resource consumption (CVE-2017-16419).
  • Three type confusion vulnerabilities that could result in remote code execution (CVE-2017-16367, CVE-2017-16379, CVE-2017-16406).
  • Six untrusted pointer dereference vulnerabilities that could result in remote code execution (CVE-2017-16364, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16375, CVE-2017-16411).

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Actions: 
  • After appropriate testing, immediately install the updates provided by Adobe.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

References: 

Adobe:

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11293

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16360

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16361

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16362

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16363

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16364

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16365

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16366

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16367

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16368

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16369

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16370

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16371

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16372

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16373

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16374

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16375

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16376

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16377

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16378

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16379

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16380

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16381

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16382

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16383

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16386

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16387

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16388

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16389

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16391

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16393

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16394

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16396

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16401

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16404

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16406

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16411

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16413

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16415

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16416

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16417

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16420