An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acrobat | Adobe | * | 11.0.22 (including) |
| Acrobat | Adobe | 17.0 (including) | 17.011.30066 (including) |
| Acrobat_dc | Adobe | - (including) | 17.012.20098 (including) |
| Acrobat_dc | Adobe | 15.0 (including) | 15.006.30355 (including) |
| Acrobat_reader | Adobe | * | 11.0.22 (including) |
| Acrobat_reader | Adobe | 17.0 (including) | 17.011.30066 (including) |
| Acrobat_reader_dc | Adobe | - (including) | 17.012.20098 (including) |
| Acrobat_reader_dc | Adobe | 15.0 (including) | 15.006.30355 (including) |