CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3064 – Adobe Acrobat Reader DynamicAnnotStore compete Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3064
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes evadir las restricciones en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DynamicAnnotStore compete method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-204 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3062 – Adobe Acrobat Reader AFExactMatch Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3062
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFExactMatch method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-207 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 1%CPEs: 54EXPL: 2CVE-2015-3073 – Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3073
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AFParseDate. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. • https://www.exploit-db.com/exploits/38344 https://github.com/reigningshells/CVE-2015-3073 http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-197 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 2%CPEs: 54EXPL: 0CVE-2015-3059 – Adobe Acrobat Reader Text Annotations Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3059
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3075. Vulnerabilidad de uso después de liberación en Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, y CVE-2015-3075. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. A specially crafted Text Annotation can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/74602 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-212 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3072 – Adobe Acrobat Reader ADBCAnnotEnumerator Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3072
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ADBCAnnotEnumerator. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-196 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •