Use After Free Vulnerability in Adobe Acrobat Reader's XFA Engine Allows Arbitrary Code Execution

Use After Free Vulnerability in Adobe Acrobat Reader's XFA Engine Allows Arbitrary Code Execution

CVE-2017-2951 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.