| ID | Vendor | Product | Vulnerability | Name | CVE | Timeline |
| CY-2017-022 | Microsoft | Word | Type Confusion | getTextRange | CVE-2017-11825 | August 21, 2017 – Reported to vendor August 21, 2017 – Assigned MSRC 40327 August 23, 2017 – Vulnerability confirmed October 10, 2017 – Vulnerability fixed October 10, 2017 – CVE-2017-11825 issued October 10, 2017 – Closed |
| CY-2017-021 | Microsoft | Edge | Type Confusion | msRequestAnimationFrame | CVE-2017-11827 | August 21, 2017 – Reported to vendor August 21, 2017 – Assigned MSRC 40325 August 22, 2017 – Vulnerability confirmed November 15, 2017 – Vulnerability fixed November 15, 2017 – CVE-2017-11827 issued November 15, 2017 – Closed |
| CY-2017-008 | Adobe | Acrobat | Out-Of-Bounds Access | Compare Files Tool | CVE-2017-16376 | July 13, 2017 – Reported to vendor July 14, 2017 – Assigned PSIRT-7071 November 06, 2017 – Vulnerability confirmed November 15, 2017 – Vulnerability fixed November 15, 2017 – CVE-2017-16376 issued November 15, 2017 – Closed |
| CY-2017-009 | Adobe | Acrobat | Uninitialized Heap Access | Ucomiss | CVE-2017-16377 | July 13, 2017 – Reported to vendor July 14, 2017 – Assigned PSIRT-7072 November 06, 2017 – Vulnerability confirmed November 15, 2017 – Vulnerability fixed November 15, 2017 – CVE-2017-16377 issued November 15, 2017 – Closed |
| CY-2017-010 | Adobe | Acrobat | Uninitialized Heap Access | Worker Thread | CVE-2017-16378 | July 13, 2017 – Reported to vendor July 14, 2017 – Assigned PSIRT-7073 November 06, 2017 – Vulnerability confirmed November 15, 2017 – Vulnerability fixed November 15, 2017 – CVE-2017-16378 issued November 15, 2017 – Closed |
| CY-2017-011 | Adobe | Acrobat | Type Confusion | HBITMAP Confused as Pointer | CVE-2017-16379 | July 13, 2017 – Reported to vendor July 14, 2017 – Assigned PSIRT-7074 November 06, 2017 – Vulnerability confirmed November 15, 2017 – Vulnerability fixed November 15, 2017 – CVE-2017-16379 issued November 15, 2017 – Closed |
| CY-2017-007 | Adobe | Acrobat | Heap Overflow | Weblink | CVE-2017-3117 | January 22, 2017 – Reported to vendor January 23, 2017 – Assigned PSIRT-6325 March 20, 2017 – Vulnerability confirmed August 8, 2017 – Vulnerability fixed August 8, 2017 – CVE-2017-3117 issued August 8, 2017 – Closed |
| CY-2018-003 | Adobe | Acrobat Pro | Use After Free | AirplaneCrash | CVE-2018-4989 | April 9, 2018 – Reported to vendor April 9, 2018 – Assigned PSIRT-8039 April 30, 2018 – Vulnerability confirmed May 14, 2018 – CVE-2018-4989 May 14, 2018 – Closed |
| CY-2018-004 | Adobe | Acrobat | Use After Free | AirplaneCrash | CVE-2018-4989 | April 9, 2018 – Reported to vendor April 9, 2018 – Assigned PSIRT-8041 April 30, 2018 – Vulnerability confirmed May 14, 2018 – CVE-2018-4989 May 14, 2018 – Closed |
