CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-6709 – Adobe Acrobat Reader DC CBBBRInvite Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-6709
The CBBBRInvite method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. El método CBBBRInvite en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-6707, CVE-2015-6708, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620 y CVE-2015-7623. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CBBBRInvite method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securitytracker.com/id/1033796 http://www.zerodayinitiative.com/advisories/ZDI-15-486 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-6697 – Adobe Acrobat Pro DC Color Object Address Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6697
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object's RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes obtener información sensible sobre objetos color desde la memoria de proceso mediante la lectura de datos RGB de un objeto light, una vulnerabilidad diferente a CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703 y CVE-2015-6704. This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of color objects in light objects. The RGB values returned from a newly created light object can disclose the heap address of a color object. • http://www.securitytracker.com/id/1033796 http://www.zerodayinitiative.com/advisories/ZDI-15-475 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-6711 – Adobe Acrobat Reader DC DoIdentityDialog Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-6711
The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. El método DoIdentityDialog en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620 y CVE-2015-7623. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DoIdentityDialog method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securitytracker.com/id/1033796 http://www.zerodayinitiative.com/advisories/ZDI-15-485 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8450
https://notcve.org/view.php?id=CVE-2014-8450
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior 2015.006.30060, y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de acceso previstas y obtener informacion sensible a través de vectores no especificados, vulnerabilidad diferente a CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, y CVE-2015-5092. • http://www.securityfocus.com/bid/75742 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5092
https://notcve.org/view.php?id=CVE-2015-5092
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5089. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de acceso previstas y obtener informacion sensible a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088 y CVE-2015-5089. • http://www.securityfocus.com/bid/75742 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •