Think you have a false positive on this rule?

Sid 1-50442


FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt


This event is generated when a TIFF file that exploits the vulnerability outlined in CVE-2017-2966 is detected.


Out of bounds read


CVSS base score 7.8

CVSS impact score 5.9

CVSS exploitability score 1.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2017-2966: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.

Affected systems

  • adobe acrobat 11.0.18
  • adobe acrobat_dc 15.006.30244
  • adobe acrobat_dc 15.020.20042
  • adobe acrobatreaderdc 15.006.30244
  • adobe acrobatreaderdc 15.020.20042
  • adobe reader 11.0.18

Ease of attack


Access Vector

Access Complexity


False positives

False negatives

Corrective action


  • Cisco Talos Intelligence Group

Additional References