CVSS: 8.8EPSS: 4%CPEs: 38EXPL: 0CVE-2016-0943 – Adobe Reader DC Global Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-0943
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors. Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X no maneja adecuadamente el objeto Global, lo que permite a atacantes eludir las restricciones de ejecución de la API JavaScript a través de vectores no especificados. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Global object. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-012 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 2%CPEs: 10EXPL: 0CVE-2015-8458 – Adobe Reader DC AGM Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8458
Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2015-6696 and CVE-2015-6698. Desbordamiento de buffer basado en memoria dinámica en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de un documento PDF de capa múltiple, una vulnerabilidad diferente a CVE-2015-6696 y CVE-2015-6698. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AGM.dll. A specially crafted PDF with multiple layers can force a heap buffer overflow condition. • http://www.securityfocus.com/bid/79208 http://www.zerodayinitiative.com/advisories/ZDI-15-637 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-7650 – Adobe Acrobat Reader DC CMAP Table Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7650
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622. Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango y corrupción de memoria) a través de una tabla CMAP manipulada en un documento PDF, una vulnerabilidad diferente a CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695 y CVE-2015-7622. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way CMAP tables are parsed. A specially crafted CMAP table embedded in a PDF file can force Adobe Acrobat Reader to read memory past the end of an allocated object. • http://www.zerodayinitiative.com/advisories/ZDI-15-534 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2015-6684
https://notcve.org/view.php?id=CVE-2015-6684
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621. Vulnerabilidad de uso después de liberación de memoria en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5586, CVE-2015-6683, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617 y CVE-2015-7621. • http://www.securitytracker.com/id/1033796 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1205 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 10EXPL: 0CVE-2015-6687
https://notcve.org/view.php?id=CVE-2015-6687
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621. Vulnerabilidad de uso después de liberación de memoria en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617 y CVE-2015-7621. • http://www.securitytracker.com/id/1033796 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-416: Use After Free •