CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3074 – Adobe Acrobat Reader ScriptBridgeUtils Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3074
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3073. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072 y CVE-2015-3073. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ScriptBridgeUtils. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-198 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3062 – Adobe Acrobat Reader AFExactMatch Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3062
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFExactMatch method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-207 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3071 – Adobe Acrobat Reader WDAnnotEnumerator Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3071
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074 This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within WDAnnotEnumerator. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-195 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 1%CPEs: 54EXPL: 0CVE-2015-3058 – Adobe Acrobat Pro Spell customDictionaryExport Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3058
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. This vulnerability allows remote attackers to leak memory addresses from Spell.api on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Spell object. By creating and exporting a custom dictionary, it is possible to leak memory addresses from Spell.api. • http://www.securityfocus.com/bid/74618 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-211 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3064 – Adobe Acrobat Reader DynamicAnnotStore compete Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3064
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes evadir las restricciones en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DynamicAnnotStore compete method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-204 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •