Learn about CVE-2017-16360, a critical use after free vulnerability in Adobe Acrobat and Reader versions 2017.012.20098 and earlier. Find out the impact, affected systems, and mitigation steps.
A vulnerability has been identified in older versions of Adobe Acrobat and Reader that could allow attackers to execute arbitrary code.
Understanding CVE-2017-16360
What is CVE-2017-16360?
This CVE refers to a use after free vulnerability in Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. The vulnerability exists in the MakeAccessible plugin during the creation of an internal data structure.
The Impact of CVE-2017-16360
Successful exploitation may result in arbitrary code execution, and can lead to code corruption, control-flow manipulation, or information leakage.
Technical Details of CVE-2017-16360
Vulnerability Description
The vulnerability is a use after free issue in the MakeAccessible plugin. A discrepancy between an old and a new object allows unauthorized access to memory.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability enables attackers to corrupt code, manipulate control flow, or leak information by exploiting the discrepancy between old and new objects.
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply security patches and updates provided by Adobe to address the vulnerability.
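To find installations that still need the update, the affected-version ceilings listed above can be checked against a software inventory. The following is an added example, not code from Adobe or from this page. It assumes that two-digit version strings such as 17.012.20098 denote 2017.012.20098 and that build numbers of 30000 and above identify the Classic track; the host names and inventory rows are constructed.

```python
import re

# Highest affected build per release line, as listed on this page.
CEILINGS = {
    "continuous":   (2017, 12, 20098),
    "classic-2017": (2017, 11, 30066),
    "classic-2015": (2015, 6, 30355),
    "xi":           (11, 0, 22),
}

def parse(version):
    """Parse 'major.minor.build' into ints; accept 2- or 4-digit DC years."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, build = (int(g) for g in m.groups())
    if 15 <= major < 100:          # assumption: '17.x' is shorthand for '2017.x'
        major += 2000
    return major, minor, build

def release_line(v):
    """Map a parsed version to a release line, or None if the page lists none."""
    major, _, build = v
    if major <= 11:
        return "xi"                # 11.x and earlier
    if major < 2015:
        return None
    if build >= 30000:             # assumption: 30xxx builds are Classic track
        return {2015: "classic-2015", 2017: "classic-2017"}.get(major)
    return "continuous"

def status(version):
    """Return 'affected', 'not-affected' (above the ceiling) or 'unlisted'."""
    v = parse(version)
    line = release_line(v)
    if line is None:
        return "unlisted"
    return "affected" if v <= CEILINGS[line] else "not-affected"

if __name__ == "__main__":
    # Constructed inventory rows (host, reported version) for illustration.
    inventory = [("ws-01", "17.012.20098"), ("ws-02", "2017.011.30068"),
                 ("ws-03", "15.006.30355"), ("ws-04", "11.0.23"),
                 ("ws-05", "18.009.20044")]
    for host, ver in inventory:
        print(f"{host}\t{ver}\t{status(ver)}")
```

A result of "unlisted" means the version belongs to a release line this page does not mention, so it needs a manual check against Adobe's bulletin.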