CVSS: 10.0EPSS: 21%CPEs: 10EXPL: 0CVE-2015-4445 – Adobe Reader CBBBRInit Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-4445
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferrente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, y CVE-2015-5086. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CBBBRInit method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •
CVSS: 10.0EPSS: 21%CPEs: 10EXPL: 0CVE-2015-4447 – Adobe Reader ANSendApprovalToAuthorEnabled Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-4447
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API por medio de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, y CVE-2015-5086. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANSendApprovalToAuthorEnabled method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •
CVSS: 9.3EPSS: 15%CPEs: 10EXPL: 0CVE-2015-4452 – Adobe Reader Folder Level Script Objects Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4452
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085 y CVE-2015-5086. This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the objects in app.doc. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to overwrite various objects methods from the document level. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •
CVSS: 6.8EPSS: 15%CPEs: 10EXPL: 0CVE-2015-5085 – Adobe Reader Folder Level Scripts Unload Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-5085
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452 y CVE-2015-5086. This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.doc object. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to unload folder level scripts from the document level. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •
CVSS: 6.8EPSS: 15%CPEs: 10EXPL: 0CVE-2015-5086 – Adobe Reader JavaScript API Race Condition Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-5086
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, y CVE-2015-5085. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles execution in certain contexts. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to trigger a race condition that allows bypassing of Javascript API restrictions. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •