Page 46 of 428 results (0.005 seconds)

CVSS: 9.3EPSS: 9%CPEs: 10EXPL: 0

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085 y CVE-2015-5086. This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the objects in app.doc. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to overwrite various objects methods from the document level. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •

CVSS: 6.8EPSS: 9%CPEs: 10EXPL: 0

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452 y CVE-2015-5086. This vulnerability allows remote attackers to unload folder level scripts on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.doc object. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to unload folder level scripts from the document level. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •

CVSS: 6.8EPSS: 9%CPEs: 10EXPL: 0

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecución de JavaScript API a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, y CVE-2015-5085. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles execution in certain contexts. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to trigger a race condition that allows bypassing of Javascript API restrictions. • http://www.securityfocus.com/bid/75737 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html •

CVSS: 7.2EPSS: 1%CPEs: 10EXPL: 0

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de acceso previstas y realizar una transición desde Baja Integridad a Media Integridad a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4446 y CVE-2015-5106. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Adobe Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ARMSvc service. An attacker can force the service to overwrite the Adobe updater with any file signed by Adobe. • http://www.securityfocus.com/bid/75743 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data. Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes provocar una denegación de servicio a través de datos no válidos. This vulnerability allows local attackers to delete files on vulnerable installations of Adobe Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of junction points in AdobeARM.exe. A local attacker running code as a normal user can set up a junction point in the ARM folder and then run a user control which will delete the contents of the folder. • http://www.securityfocus.com/bid/75738 http://www.securitytracker.com/id/1032892 https://helpx.adobe.com/security/products/reader/apsb15-15.html • CWE-20: Improper Input Validation •