Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA n POST injection vulnerability. Successful exploitation could lead to a security bypass.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Acrobat_dc | Adobe | 15.006.30060 (including) | 15.006.30417 (including) |
Acrobat_dc | Adobe | 15.008.20082 (including) | 18.011.20038 (including) |
Acrobat_dc | Adobe | 17.011.30059 (including) | 17.011.30079 (including) |
Acrobat_reader_dc | Adobe | 15.006.30060 (including) | 15.006.30417 (including) |
Acrobat_reader_dc | Adobe | 15.008.20082 (including) | 18.011.20038 (including) |
Acrobat_reader_dc | Adobe | 17.011.30059 (including) | 17.011.30079 (including) |