CVE-2016-1039
Adobe Acrobat Reader DC CBSharedReviewCloseDialog Javascript API Restrictions Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.
Adobe Reader y Acrobat en versiones anteriores a 11.0.16, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30172 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.016.20039 sobre Windows y OS X permiten a atacantes eludir restricciones de ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062 y CVE-2016-1117.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the CBSharedReviewCloseDialog method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-22 CVE Reserved
- 2016-05-10 CVE Published
- 2024-06-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/90517 | Vdb Entry | |
http://www.securitytracker.com/id/1035828 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-16-290 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html | 2016-12-01 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | <= 11.0.15 Search vendor "Adobe" for product "Acrobat" and version " <= 11.0.15" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | <= 11.0.15 Search vendor "Adobe" for product "Acrobat" and version " <= 11.0.15" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Dc Search vendor "Adobe" for product "Acrobat Dc" | <= 15.006.30121 Search vendor "Adobe" for product "Acrobat Dc" and version " <= 15.006.30121" | classic |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Dc Search vendor "Adobe" for product "Acrobat Dc" | <= 15.006.30121 Search vendor "Adobe" for product "Acrobat Dc" and version " <= 15.006.30121" | classic |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Dc Search vendor "Adobe" for product "Acrobat Dc" | <= 15.010.20060 Search vendor "Adobe" for product "Acrobat Dc" and version " <= 15.010.20060" | continuous |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Dc Search vendor "Adobe" for product "Acrobat Dc" | <= 15.010.20060 Search vendor "Adobe" for product "Acrobat Dc" and version " <= 15.010.20060" | continuous |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Reader Dc Search vendor "Adobe" for product "Acrobat Reader Dc" | <= 15.006.30121 Search vendor "Adobe" for product "Acrobat Reader Dc" and version " <= 15.006.30121" | classic |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Reader Dc Search vendor "Adobe" for product "Acrobat Reader Dc" | <= 15.006.30121 Search vendor "Adobe" for product "Acrobat Reader Dc" and version " <= 15.006.30121" | classic |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Reader Dc Search vendor "Adobe" for product "Acrobat Reader Dc" | <= 15.010.20060 Search vendor "Adobe" for product "Acrobat Reader Dc" and version " <= 15.010.20060" | continuous |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Acrobat Reader Dc Search vendor "Adobe" for product "Acrobat Reader Dc" | <= 15.010.20060 Search vendor "Adobe" for product "Acrobat Reader Dc" and version " <= 15.010.20060" | continuous |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Reader Search vendor "Adobe" for product "Reader" | <= 11.0.15 Search vendor "Adobe" for product "Reader" and version " <= 11.0.15" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
Adobe Search vendor "Adobe" | Reader Search vendor "Adobe" for product "Reader" | <= 11.0.15 Search vendor "Adobe" for product "Reader" and version " <= 11.0.15" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|