Lucene search

AdobeCVE-2016-0947

HistoryJan 14, 2016 - 5:59 a.m.

CVE-2016-0947

2016-01-1405:59:15

adobe

web.nvd.nist.gov

cve-2016-0947

adobe download manager

adobe reader

acrobat

untrusted search path issue

windows

os x.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON

Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.

Affected configurations

Nvd

Node

adobeacrobatRange≤11.0.13

adobeacrobatMatch11.0.0

adobeacrobatMatch11.0.1

adobeacrobatMatch11.0.2

adobeacrobatMatch11.0.3

adobeacrobatMatch11.0.4

adobeacrobatMatch11.0.5

adobeacrobatMatch11.0.6

adobeacrobatMatch11.0.7

adobeacrobatMatch11.0.8

adobeacrobatMatch11.0.9

adobeacrobatMatch11.0.10

adobeacrobatMatch11.0.11

adobeacrobatMatch11.0.12

AND

applemac_os_x

microsoftwindows

Node

adobeacrobat_dcRange≤15.006.30097classic

adobeacrobat_dcRange≤15.009.20077continuous

adobeacrobat_reader_dcRange≤15.006.30097classic

adobeacrobat_reader_dcRange≤15.009.20077continuous

AND

applemac_os_x

microsoftwindows

Node

adobeacrobat_readerRange≤11.0.13

adobeacrobat_readerMatch11.0.0

adobeacrobat_readerMatch11.0.1

adobeacrobat_readerMatch11.0.2

adobeacrobat_readerMatch11.0.3

adobeacrobat_readerMatch11.0.4

adobeacrobat_readerMatch11.0.5

adobeacrobat_readerMatch11.0.6

adobeacrobat_readerMatch11.0.7

adobeacrobat_readerMatch11.0.8

adobeacrobat_readerMatch11.0.9

adobeacrobat_readerMatch11.0.10

adobeacrobat_readerMatch11.0.11

adobeacrobat_readerMatch11.0.12

AND

applemac_os_x

microsoftwindows

VendorProductVersionCPE
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
adobeacrobat11.0.0cpe:2.3:a:adobe:acrobat:11.0.0:*:*:*:*:*:*:*
adobeacrobat11.0.1cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*
adobeacrobat11.0.2cpe:2.3:a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*
adobeacrobat11.0.3cpe:2.3:a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*
adobeacrobat11.0.4cpe:2.3:a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*
adobeacrobat11.0.5cpe:2.3:a:adobe:acrobat:11.0.5:*:*:*:*:*:*:*
adobeacrobat11.0.6cpe:2.3:a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*
adobeacrobat11.0.7cpe:2.3:a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*
adobeacrobat11.0.8cpe:2.3:a:adobe:acrobat:11.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	acrobat	*	cpe:2.3:a:adobe:acrobat::::::::
adobe	acrobat	11.0.0	cpe:2.3:a:adobe:acrobat:11.0.0:::::::*
adobe	acrobat	11.0.1	cpe:2.3:a:adobe:acrobat:11.0.1:::::::*
adobe	acrobat	11.0.2	cpe:2.3:a:adobe:acrobat:11.0.2:::::::*
adobe	acrobat	11.0.3	cpe:2.3:a:adobe:acrobat:11.0.3:::::::*
adobe	acrobat	11.0.4	cpe:2.3:a:adobe:acrobat:11.0.4:::::::*
adobe	acrobat	11.0.5	cpe:2.3:a:adobe:acrobat:11.0.5:::::::*
adobe	acrobat	11.0.6	cpe:2.3:a:adobe:acrobat:11.0.6:::::::*
adobe	acrobat	11.0.7	cpe:2.3:a:adobe:acrobat:11.0.7:::::::*
adobe	acrobat	11.0.8	cpe:2.3:a:adobe:acrobat:11.0.8:::::::*

Rows per page:

1-10 of 341

References

www.securitytracker.com/id/1034646

helpx.adobe.com/security/products/acrobat/apsb16-02.html

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON

Related for CVE-2016-0947