Use After Free Vulnerability in Adobe Acrobat Reader's XFA Engine Allows Arbitrary Code Execution

Use After Free Vulnerability in Adobe Acrobat Reader's XFA Engine Allows Arbitrary Code Execution

CVE-2017-2950 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.