CVE-2016-4270

2016-08-26T19:59:00

Description

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4269.

Affected Software

CPE Name	Name	Version
adobe:acrobat	adobe acrobat	11.0.16
adobe:acrobat_dc	adobe acrobat dc	15.006.30174
adobe:acrobat_dc	adobe acrobat dc	15.016.20045
adobe:acrobat_reader_dc	adobe acrobat reader dc	15.006.30174
adobe:acrobat_reader_dc	adobe acrobat reader dc	15.016.20045
adobe:reader	adobe reader	11.0.16

{"id": "CVE-2016-4270", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2016-4270", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4269.", "published": "2016-08-26T19:59:00", "modified": "2016-11-28T20:17:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4270", "reporter": "psirt@adobe.com", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", "http://www.zerodayinitiative.com/advisories/ZDI-16-493", "http://www.securityfocus.com/bid/92635"], "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "immutableFields": [], "lastseen": "2023-02-09T14:12:03", "viewCount": 107, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB16-26"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0627", "CPAI-2016-0629", "CPAI-2016-0630", "CPAI-2016-0633", "CPAI-2016-0635", "CPAI-2016-0636", "CPAI-2016-0637", "CPAI-2016-0638", "CPAI-2016-0641", "CPAI-2016-0642", "CPAI-2016-0644", "CPAI-2016-0652", "CPAI-2016-0654"]}, {"type": "cve", "idList": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-6937"]}, {"type": "exploitdb", "idList": ["EDB-ID:40095", "EDB-ID:40096", "EDB-ID:40098", "EDB-ID:40099"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:6DD2F016F414468EE13E62685679B7D4", "EXPLOITPACK:7FEA489E322BA2EAEEC43E467C6F7F2A", "EXPLOITPACK:9C277D4E105894458928A7018ADFBA92", "EXPLOITPACK:A913D3C0B64A2C969AEF23A78AB9CBC4", "EXPLOITPACK:F6C09396C72378631A36B32689E4525B", "EXPLOITPACK:FA4B3CD1A81E79AE03B8CA7608B43077", "EXPLOITPACK:FF6189C51FFB76D35BEDEBC471A9E191"]}, {"type": "kaspersky", "idList": ["KLA10838"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB16-26.NASL", "ADOBE_READER_APSB16-26.NASL", "MACOSX_ADOBE_ACROBAT_APSB16-26.NASL", "MACOSX_ADOBE_READER_APSB16-26.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808581", "OPENVAS:1361412562310808582", "OPENVAS:1361412562310808583", "OPENVAS:1361412562310808584"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:47F2249FC4903D395D79675E2BE38D91"]}, {"type": "zdi", "idList": ["ZDI-16-414", "ZDI-16-415", "ZDI-16-416", "ZDI-16-417", "ZDI-16-418", "ZDI-16-419", "ZDI-16-421", "ZDI-16-422", "ZDI-16-423", "ZDI-16-488", "ZDI-16-489", "ZDI-16-490", "ZDI-16-491", "ZDI-16-492", "ZDI-16-493"]}, {"type": "zdt", "idList": ["1337DAY-ID-26091", "1337DAY-ID-26092", "1337DAY-ID-26093", "1337DAY-ID-26094", "1337DAY-ID-26095", "1337DAY-ID-26096", "1337DAY-ID-26097"]}]}, "score": {"value": 8.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB16-26.NASL", "ADOBE_READER_APSB16-26.NASL", "MACOSX_ADOBE_ACROBAT_APSB16-26.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808582"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "adobe reader", "version": 11}, {"name": "adobe acrobat", "version": 11}, {"name": "adobe acrobat dc", "version": 15}, {"name": "adobe acrobat dc", "version": 15}, {"name": "adobe acrobat reader dc", "version": 15}, {"name": "adobe acrobat reader dc", "version": 15}]}, "epss": [{"cve": "CVE-2016-4270", "epss": "0.018420000", "percentile": "0.864460000", "modified": "2023-03-14"}], "vulnersScore": 8.1}, "_state": {"dependencies": 1675955419, "score": 1675957768, "affected_software_major_version": 1677257749, "epss": 1678812679}, "_internal": {"score_hash": "8d5606b5074fc5dc23ca8a8c4fac7066"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"], "cwe": ["CWE-119"], "affectedSoftware": [{"cpeName": "adobe:acrobat", "version": "11.0.16", "operator": "le", "name": "adobe acrobat"}, {"cpeName": "adobe:acrobat_dc", "version": "15.006.30174", "operator": "le", "name": "adobe acrobat dc"}, {"cpeName": "adobe:acrobat_dc", "version": "15.016.20045", "operator": "le", "name": "adobe acrobat dc"}, {"cpeName": "adobe:acrobat_reader_dc", "version": "15.006.30174", "operator": "le", "name": "adobe acrobat reader dc"}, {"cpeName": "adobe:acrobat_reader_dc", "version": "15.016.20045", "operator": "le", "name": "adobe acrobat reader dc"}, {"cpeName": "adobe:reader", "version": "11.0.16", "operator": "le", "name": "adobe reader"}], "affectedConfiguration": [{"name": "apple mac os x", "cpeName": "apple:mac_os_x", "version": "*", "operator": "eq"}, {"name": "microsoft windows", "cpeName": "microsoft:windows", "version": "*", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "versionEndIncluding": "11.0.16", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*", "versionEndIncluding": "15.006.30174", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "versionEndIncluding": "15.016.20045", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "versionEndIncluding": "15.006.30174", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "versionEndIncluding": "15.016.20045", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "versionEndIncluding": "11.0.16", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-493", "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-493", "refsource": "MISC", "tags": []}, {"url": "http://www.securityfocus.com/bid/92635", "name": "92635", "refsource": "BID", "tags": []}], "product_info": [{"vendor": "Adobe", "product": "Acrobat"}, {"vendor": "Adobe", "product": "Reader"}, {"vendor": "Adobe", "product": "Acrobat_reader_dc"}, {"vendor": "Adobe", "product": "Acrobat_dc"}]}

{"cve": [{"lastseen": "2023-02-09T14:11:19", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T19:59:00", "type": "cve", "title": "CVE-2016-4265", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "modified": "2016-11-28T20:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4265", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4265", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:18", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T19:59:00", "type": "cve", "title": "CVE-2016-4266", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "modified": "2016-11-28T20:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4266", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4266", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:18", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T19:59:00", "type": "cve", "title": "CVE-2016-4267", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "modified": "2016-11-28T20:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4267", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:19", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4269, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T19:59:00", "type": "cve", "title": "CVE-2016-4268", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "modified": "2016-11-28T20:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4268", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4268", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:19", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T19:59:00", "type": "cve", "title": "CVE-2016-4269", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270"], "modified": "2016-11-28T20:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4269", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4269", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:17:22", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-17T02:59:00", "type": "cve", "title": "CVE-2016-6937", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-6937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6937", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:06", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4191", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4191", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:06", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4192", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4192", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:06", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4193", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4193", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:06", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4194", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4194", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4194", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:06", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4195", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4195", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4197", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4197", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:07", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4198", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4199", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:07", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4200", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:07", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4202", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4202", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4202", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:15", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4250", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4250", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:15", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4251", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4251", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:15", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4252", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4252", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:17", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4252.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4254", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4254", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:11", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4211", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4211", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:13", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4212", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4212", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:10", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4213", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4213", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4213", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4203", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4203", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4203", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:07", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4205", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4205", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4206", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4206", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:09", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4207", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4207", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4207", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:12", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4208", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4208", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:11", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4214", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4214", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4214", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4196", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4196", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:07", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4201", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4201", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}, {"lastseen": "2023-02-09T14:11:08", "description": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T02:00:00", "type": "cve", "title": "CVE-2016-4204", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254"], "modified": "2017-09-03T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30174", "cpe:/a:adobe:acrobat:11.0.16", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045", "cpe:/a:adobe:acrobat_dc:15.006.30174", "cpe:/a:adobe:reader:11.0.16", "cpe:/a:adobe:acrobat_dc:15.016.20045"], "id": "CVE-2016-4204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4204", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.016.20045:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30174:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:reader:11.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30174:*:*:*:classic:*:*:*"]}], "openvas": [{"lastseen": "2019-07-17T14:25:39", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb16-26)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4204", "CVE-2016-4200", "CVE-2016-4266", "CVE-2016-4214", "CVE-2016-4209", "CVE-2016-4193", "CVE-2016-4206", "CVE-2016-4251", "CVE-2016-4192", "CVE-2016-4194", "CVE-2016-4205", "CVE-2016-4267", "CVE-2016-4213", "CVE-2016-4250", "CVE-2016-6937", "CVE-2016-4210", "CVE-2016-4255", "CVE-2016-4269", "CVE-2016-4191", "CVE-2016-4202", "CVE-2016-4197", "CVE-2016-4211", "CVE-2016-4208", "CVE-2016-4265", "CVE-2016-4198", "CVE-2016-4201", "CVE-2016-4119", "CVE-2016-4215", "CVE-2016-4252", "CVE-2016-4196", "CVE-2016-4199", "CVE-2016-4203", "CVE-2016-4212", "CVE-2016-4207", "CVE-2016-4195", "CVE-2016-4268", "CVE-2016-4254", "CVE-2016-6938", "CVE-2016-4270"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310808584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb16-26)-MAC OS X\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808584\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-4191\", \"CVE-2016-4192\", \"CVE-2016-4193\", \"CVE-2016-4194\",\n \"CVE-2016-4195\", \"CVE-2016-4196\", \"CVE-2016-4197\", \"CVE-2016-4198\",\n \"CVE-2016-4199\", \"CVE-2016-4200\", \"CVE-2016-4201\", \"CVE-2016-4202\",\n \"CVE-2016-4203\", \"CVE-2016-4204\", \"CVE-2016-4205\", \"CVE-2016-4206\",\n \"CVE-2016-4207\", \"CVE-2016-4208\", \"CVE-2016-4209\", \"CVE-2016-4210\",\n \"CVE-2016-4211\", \"CVE-2016-4212\", \"CVE-2016-4213\", \"CVE-2016-4214\",\n \"CVE-2016-4215\", \"CVE-2016-4250\", \"CVE-2016-4251\", \"CVE-2016-4252\",\n \"CVE-2016-4254\", \"CVE-2016-4255\", \"CVE-2016-4265\", \"CVE-2016-4266\",\n \"CVE-2016-4267\", \"CVE-2016-4268\", \"CVE-2016-4269\", \"CVE-2016-4270\",\n \"CVE-2016-4119\", \"CVE-2016-6938\", \"CVE-2016-6937\");\n script_bugtraq_id(91716, 91712, 91714, 93014, 93016);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 13:02:40 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"Adobe Acrobat Security Updates(apsb16-26)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - An use-after-free vulnerability.\n\n - A heap buffer overflow vulnerability.\n\n - A Memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker lead to code execution and\n to bypass JavaScript API execution restrictions.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.17 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.17 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(!readerVer =~ \"^(11\\.)\"){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.16\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.17\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:55", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "Adobe Reader Security Updates(apsb16-26)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4204", "CVE-2016-4200", "CVE-2016-4266", "CVE-2016-4214", "CVE-2016-4209", "CVE-2016-4193", "CVE-2016-4206", "CVE-2016-4251", "CVE-2016-4192", "CVE-2016-4194", "CVE-2016-4205", "CVE-2016-4267", "CVE-2016-4213", "CVE-2016-4250", "CVE-2016-6937", "CVE-2016-4210", "CVE-2016-4255", "CVE-2016-4269", "CVE-2016-4191", "CVE-2016-4202", "CVE-2016-4197", "CVE-2016-4211", "CVE-2016-4208", "CVE-2016-4265", "CVE-2016-4198", "CVE-2016-4201", "CVE-2016-4119", "CVE-2016-4215", "CVE-2016-4252", "CVE-2016-4196", "CVE-2016-4199", "CVE-2016-4203", "CVE-2016-4212", "CVE-2016-4207", "CVE-2016-4195", "CVE-2016-4268", "CVE-2016-4254", "CVE-2016-6938", "CVE-2016-4270"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310808582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb16-26)-MAC OS X\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808582\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-4191\", \"CVE-2016-4192\", \"CVE-2016-4193\", \"CVE-2016-4194\",\n \"CVE-2016-4195\", \"CVE-2016-4196\", \"CVE-2016-4197\", \"CVE-2016-4198\",\n \"CVE-2016-4199\", \"CVE-2016-4200\", \"CVE-2016-4201\", \"CVE-2016-4202\",\n \"CVE-2016-4203\", \"CVE-2016-4204\", \"CVE-2016-4205\", \"CVE-2016-4206\",\n \"CVE-2016-4207\", \"CVE-2016-4208\", \"CVE-2016-4209\", \"CVE-2016-4210\",\n \"CVE-2016-4211\", \"CVE-2016-4212\", \"CVE-2016-4213\", \"CVE-2016-4214\",\n \"CVE-2016-4215\", \"CVE-2016-4250\", \"CVE-2016-4251\", \"CVE-2016-4252\",\n \"CVE-2016-4254\", \"CVE-2016-4255\", \"CVE-2016-4265\", \"CVE-2016-4266\",\n \"CVE-2016-4267\", \"CVE-2016-4268\", \"CVE-2016-4269\", \"CVE-2016-4270\",\n \"CVE-2016-4119\", \"CVE-2016-6937\", \"CVE-2016-6938\");\n script_bugtraq_id(91716, 91712, 91714, 93016, 93014);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 13:02:40 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"Adobe Reader Security Updates(apsb16-26)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - An use-after-free vulnerability.\n\n - A heap buffer overflow vulnerability.\n\n - A Memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker lead to code execution and\n to bypass JavaScript API execution restrictions.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.17 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.17 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(!readerVer =~ \"^(11\\.)\"){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.16\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.17\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:06", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "Adobe Reader Security Updates(apsb16-26)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4204", "CVE-2016-4200", "CVE-2016-4266", "CVE-2016-4214", "CVE-2016-4209", "CVE-2016-4193", "CVE-2016-4206", "CVE-2016-4251", "CVE-2016-4192", "CVE-2016-4194", "CVE-2016-4205", "CVE-2016-4267", "CVE-2016-4213", "CVE-2016-4250", "CVE-2016-6937", "CVE-2016-4210", "CVE-2016-4255", "CVE-2016-4269", "CVE-2016-4191", "CVE-2016-4202", "CVE-2016-4197", "CVE-2016-4211", "CVE-2016-4208", "CVE-2016-4265", "CVE-2016-4198", "CVE-2016-4201", "CVE-2016-4119", "CVE-2016-4215", "CVE-2016-4252", "CVE-2016-4196", "CVE-2016-4199", "CVE-2016-4203", "CVE-2016-4212", "CVE-2016-4207", "CVE-2016-4195", "CVE-2016-4268", "CVE-2016-4254", "CVE-2016-6938", "CVE-2016-4270"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310808581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb16-26)-Windows\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808581\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-4191\", \"CVE-2016-4192\", \"CVE-2016-4193\", \"CVE-2016-4194\",\n \"CVE-2016-4195\", \"CVE-2016-4196\", \"CVE-2016-4197\", \"CVE-2016-4198\",\n \"CVE-2016-4199\", \"CVE-2016-4200\", \"CVE-2016-4201\", \"CVE-2016-4202\",\n \"CVE-2016-4203\", \"CVE-2016-4204\", \"CVE-2016-4205\", \"CVE-2016-4206\",\n \"CVE-2016-4207\", \"CVE-2016-4208\", \"CVE-2016-4209\", \"CVE-2016-4210\",\n \"CVE-2016-4211\", \"CVE-2016-4212\", \"CVE-2016-4213\", \"CVE-2016-4214\",\n \"CVE-2016-4215\", \"CVE-2016-4250\", \"CVE-2016-4251\", \"CVE-2016-4252\",\n \"CVE-2016-4254\", \"CVE-2016-4255\", \"CVE-2016-4265\", \"CVE-2016-4266\",\n \"CVE-2016-4267\", \"CVE-2016-4268\", \"CVE-2016-4269\", \"CVE-2016-4270\",\n \"CVE-2016-4119\", \"CVE-2016-6937\", \"CVE-2016-6938\");\n script_bugtraq_id(91716, 91712, 91714, 93016, 93014);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 13:02:40 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"Adobe Reader Security Updates(apsb16-26)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - An use-after-free vulnerability.\n\n - A heap buffer overflow vulnerability.\n\n - A Memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker lead to code execution and\n to bypass JavaScript API execution restrictions.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.17 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.17 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(!readerVer =~ \"^(11\\.)\"){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.16\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.17\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:41", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb16-26)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4204", "CVE-2016-4200", "CVE-2016-4266", "CVE-2016-4214", "CVE-2016-4209", "CVE-2016-4193", "CVE-2016-4206", "CVE-2016-4251", "CVE-2016-4192", "CVE-2016-4194", "CVE-2016-4205", "CVE-2016-4267", "CVE-2016-4213", "CVE-2016-4250", "CVE-2016-6937", "CVE-2016-4210", "CVE-2016-4255", "CVE-2016-4269", "CVE-2016-4191", "CVE-2016-4202", "CVE-2016-4197", "CVE-2016-4211", "CVE-2016-4208", "CVE-2016-4265", "CVE-2016-4198", "CVE-2016-4201", "CVE-2016-4119", "CVE-2016-4215", "CVE-2016-4252", "CVE-2016-4196", "CVE-2016-4199", "CVE-2016-4203", "CVE-2016-4212", "CVE-2016-4207", "CVE-2016-4195", "CVE-2016-4268", "CVE-2016-4254", "CVE-2016-6938", "CVE-2016-4270"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310808583", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb16-26)-Windows\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808583\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-4191\", \"CVE-2016-4192\", \"CVE-2016-4193\", \"CVE-2016-4194\",\n \"CVE-2016-4195\", \"CVE-2016-4196\", \"CVE-2016-4197\", \"CVE-2016-4198\",\n \"CVE-2016-4199\", \"CVE-2016-4200\", \"CVE-2016-4201\", \"CVE-2016-4202\",\n \"CVE-2016-4203\", \"CVE-2016-4204\", \"CVE-2016-4205\", \"CVE-2016-4206\",\n \"CVE-2016-4207\", \"CVE-2016-4208\", \"CVE-2016-4209\", \"CVE-2016-4210\",\n \"CVE-2016-4211\", \"CVE-2016-4212\", \"CVE-2016-4213\", \"CVE-2016-4214\",\n \"CVE-2016-4215\", \"CVE-2016-4250\", \"CVE-2016-4251\", \"CVE-2016-4252\",\n \"CVE-2016-4254\", \"CVE-2016-4255\", \"CVE-2016-4265\", \"CVE-2016-4266\",\n \"CVE-2016-4267\", \"CVE-2016-4268\", \"CVE-2016-4269\", \"CVE-2016-4270\",\n \"CVE-2016-4119\", \"CVE-2016-6937\", \"CVE-2016-6938\");\n script_bugtraq_id(91716, 91712, 91714, 93016, 93014);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 13:02:40 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"Adobe Acrobat Security Updates(apsb16-26)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - An use-after-free vulnerability.\n\n - A heap buffer overflow vulnerability.\n\n - A Memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker lead to code execution and\n to bypass JavaScript API execution restrictions.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.17 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.17 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(!readerVer =~ \"^(11\\.)\"){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.16\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.17\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-17T14:22:56", "description": "The version of Adobe Acrobat installed on the remote Mac OS X host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass the JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4209", "CVE-2016-4210", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4215", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4255", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937", "CVE-2016-6938"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB16-26.NASL", "href": "https://www.tenable.com/plugins/nessus/92036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92036);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-4191\",\n \"CVE-2016-4192\",\n \"CVE-2016-4193\",\n \"CVE-2016-4194\",\n \"CVE-2016-4195\",\n \"CVE-2016-4196\",\n \"CVE-2016-4197\",\n \"CVE-2016-4198\",\n \"CVE-2016-4199\",\n \"CVE-2016-4200\",\n \"CVE-2016-4201\",\n \"CVE-2016-4202\",\n \"CVE-2016-4203\",\n \"CVE-2016-4204\",\n \"CVE-2016-4205\",\n \"CVE-2016-4206\",\n \"CVE-2016-4207\",\n \"CVE-2016-4208\",\n \"CVE-2016-4209\",\n \"CVE-2016-4210\",\n \"CVE-2016-4211\",\n \"CVE-2016-4212\",\n \"CVE-2016-4213\",\n \"CVE-2016-4214\",\n \"CVE-2016-4215\",\n \"CVE-2016-4250\",\n \"CVE-2016-4251\",\n \"CVE-2016-4252\",\n \"CVE-2016-4254\",\n \"CVE-2016-4255\",\n \"CVE-2016-4265\",\n \"CVE-2016-4266\",\n \"CVE-2016-4267\",\n \"CVE-2016-4268\",\n \"CVE-2016-4269\",\n \"CVE-2016-4270\",\n \"CVE-2016-6937\",\n \"CVE-2016-6938\"\n );\n script_bugtraq_id(\n 91710,\n 91711,\n 91712,\n 91714,\n 91716,\n 92635,\n 92636,\n 92637,\n 92640,\n 92641,\n 92643,\n 93014,\n 93016\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\nprior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2016-4191, CVE-2016-4192,\n CVE-2016-4193, CVE-2016-4194, CVE-2016-4195,\n CVE-2016-4196, CVE-2016-4197, CVE-2016-4198,\n CVE-2016-4199, CVE-2016-4200, CVE-2016-4201,\n CVE-2016-4202, CVE-2016-4203, CVE-2016-4204,\n CVE-2016-4205, CVE-2016-4206, CVE-2016-4207,\n CVE-2016-4208, CVE-2016-4211, CVE-2016-4212,\n CVE-2016-4213, CVE-2016-4214, CVE-2016-4250,\n CVE-2016-4251, CVE-2016-4252, CVE-2016-4254,\n CVE-2016-4265, CVE-2016-4266, CVE-2016-4267,\n CVE-2016-4268, CVE-2016-4269, CVE-2016-4270,\n CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass the\n JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.17 / 15.006.30198 / 15.017.20050\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.17\n# DC Classic < 15.006.30198\n# DC Continuous < 15.017.20050\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 16) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30174) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 16) ||\n (ver[0] == 15 && ver[1] == 17 && ver[2] <= 20045)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.17 / 15.006.30198 / 15.017.20050' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:22:45", "description": "The version of Adobe Acrobat installed on the remote Windows host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass the JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4209", "CVE-2016-4210", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4215", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4255", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937", "CVE-2016-6938"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB16-26.NASL", "href": "https://www.tenable.com/plugins/nessus/92034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92034);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4191\",\n \"CVE-2016-4192\",\n \"CVE-2016-4193\",\n \"CVE-2016-4194\",\n \"CVE-2016-4195\",\n \"CVE-2016-4196\",\n \"CVE-2016-4197\",\n \"CVE-2016-4198\",\n \"CVE-2016-4199\",\n \"CVE-2016-4200\",\n \"CVE-2016-4201\",\n \"CVE-2016-4202\",\n \"CVE-2016-4203\",\n \"CVE-2016-4204\",\n \"CVE-2016-4205\",\n \"CVE-2016-4206\",\n \"CVE-2016-4207\",\n \"CVE-2016-4208\",\n \"CVE-2016-4209\",\n \"CVE-2016-4210\",\n \"CVE-2016-4211\",\n \"CVE-2016-4212\",\n \"CVE-2016-4213\",\n \"CVE-2016-4214\",\n \"CVE-2016-4215\",\n \"CVE-2016-4250\",\n \"CVE-2016-4251\",\n \"CVE-2016-4252\",\n \"CVE-2016-4254\",\n \"CVE-2016-4255\",\n \"CVE-2016-4265\",\n \"CVE-2016-4266\",\n \"CVE-2016-4267\",\n \"CVE-2016-4268\",\n \"CVE-2016-4269\",\n \"CVE-2016-4270\",\n \"CVE-2016-6937\",\n \"CVE-2016-6938\"\n );\n script_bugtraq_id(\n 91710,\n 91711,\n 91712,\n 91714,\n 91716,\n 92635,\n 92636,\n 92637,\n 92640,\n 92641,\n 92643,\n 93014,\n 93016\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\nprior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2016-4191, CVE-2016-4192,\n CVE-2016-4193, CVE-2016-4194, CVE-2016-4195,\n CVE-2016-4196, CVE-2016-4197, CVE-2016-4198,\n CVE-2016-4199, CVE-2016-4200, CVE-2016-4201,\n CVE-2016-4202, CVE-2016-4203, CVE-2016-4204,\n CVE-2016-4205, CVE-2016-4206, CVE-2016-4207,\n CVE-2016-4208, CVE-2016-4211, CVE-2016-4212,\n CVE-2016-4213, CVE-2016-4214, CVE-2016-4250,\n CVE-2016-4251, CVE-2016-4252, CVE-2016-4254,\n CVE-2016-4265, CVE-2016-4266, CVE-2016-4267,\n CVE-2016-4268, CVE-2016-4269, CVE-2016-4270,\n CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass the\n JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.17 / 15.006.30198 / 15.017.20050\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.17\n# DC Classic < 15.006.30198\n# DC Continuous < 15.017.20050\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 16) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30174) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 16) ||\n (ver[0] == 15 && ver[1] == 17 && ver[2] <= 20045)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.17 / 15.006.30198 / 15.017.20050' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:40:21", "description": "The version of Adobe Reader installed on the remote Windows host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass the JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4209", "CVE-2016-4210", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4215", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4255", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937", "CVE-2016-6938"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB16-26.NASL", "href": "https://www.tenable.com/plugins/nessus/92035", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92035);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4191\",\n \"CVE-2016-4192\",\n \"CVE-2016-4193\",\n \"CVE-2016-4194\",\n \"CVE-2016-4195\",\n \"CVE-2016-4196\",\n \"CVE-2016-4197\",\n \"CVE-2016-4198\",\n \"CVE-2016-4199\",\n \"CVE-2016-4200\",\n \"CVE-2016-4201\",\n \"CVE-2016-4202\",\n \"CVE-2016-4203\",\n \"CVE-2016-4204\",\n \"CVE-2016-4205\",\n \"CVE-2016-4206\",\n \"CVE-2016-4207\",\n \"CVE-2016-4208\",\n \"CVE-2016-4209\",\n \"CVE-2016-4210\",\n \"CVE-2016-4211\",\n \"CVE-2016-4212\",\n \"CVE-2016-4213\",\n \"CVE-2016-4214\",\n \"CVE-2016-4215\",\n \"CVE-2016-4250\",\n \"CVE-2016-4251\",\n \"CVE-2016-4252\",\n \"CVE-2016-4254\",\n \"CVE-2016-4255\",\n \"CVE-2016-4265\",\n \"CVE-2016-4266\",\n \"CVE-2016-4267\",\n \"CVE-2016-4268\",\n \"CVE-2016-4269\",\n \"CVE-2016-4270\",\n \"CVE-2016-6937\",\n \"CVE-2016-6938\"\n );\n script_bugtraq_id(\n 91710,\n 91711,\n 91712,\n 91714,\n 91716,\n 92635,\n 92636,\n 92637,\n 92640,\n 92641,\n 92643,\n 93014,\n 93016\n );\n\n script_name(english:\"Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\nprior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2016-4191, CVE-2016-4192,\n CVE-2016-4193, CVE-2016-4194, CVE-2016-4195,\n CVE-2016-4196, CVE-2016-4197, CVE-2016-4198,\n CVE-2016-4199, CVE-2016-4200, CVE-2016-4201,\n CVE-2016-4202, CVE-2016-4203, CVE-2016-4204,\n CVE-2016-4205, CVE-2016-4206, CVE-2016-4207,\n CVE-2016-4208, CVE-2016-4211, CVE-2016-4212,\n CVE-2016-4213, CVE-2016-4214, CVE-2016-4250,\n CVE-2016-4251, CVE-2016-4252, CVE-2016-4254,\n CVE-2016-4265, CVE-2016-4266, CVE-2016-4267,\n CVE-2016-4268, CVE-2016-4269, CVE-2016-4270,\n CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass the\n JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.17 / 15.006.30198 / 15.017.20050 \nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\n# NOTE: For this version of Reader, the AcroRd32.dll file was only\n# updated to reflect the proper version. The normal EXE was\n# not updated, so we have to look at the DLL.\n# The detection plugin will not report the proper version.\nversion = install['DLL_Product_Version']; # DLL version - not EXE\npath = install['path'];\nverui = install['DLL_Display_Version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.17\n# DC Classic < 15.006.30198\n# DC Continuous < 15.017.20050\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 16) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30174) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 16) ||\n (ver[0] == 15 && ver[1] == 17 && ver[2] <= 20045)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Note: The Adobe Reader version was extracted from AcroRd32.dll.' +\n '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.17 / 15.006.30198 / 15.017.20050' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:22:55", "description": "The version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass the JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4209", "CVE-2016-4210", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4215", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4255", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937", "CVE-2016-6938"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB16-26.NASL", "href": "https://www.tenable.com/plugins/nessus/92037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92037);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-4191\",\n \"CVE-2016-4192\",\n \"CVE-2016-4193\",\n \"CVE-2016-4194\",\n \"CVE-2016-4195\",\n \"CVE-2016-4196\",\n \"CVE-2016-4197\",\n \"CVE-2016-4198\",\n \"CVE-2016-4199\",\n \"CVE-2016-4200\",\n \"CVE-2016-4201\",\n \"CVE-2016-4202\",\n \"CVE-2016-4203\",\n \"CVE-2016-4204\",\n \"CVE-2016-4205\",\n \"CVE-2016-4206\",\n \"CVE-2016-4207\",\n \"CVE-2016-4208\",\n \"CVE-2016-4209\",\n \"CVE-2016-4210\",\n \"CVE-2016-4211\",\n \"CVE-2016-4212\",\n \"CVE-2016-4213\",\n \"CVE-2016-4214\",\n \"CVE-2016-4215\",\n \"CVE-2016-4250\",\n \"CVE-2016-4251\",\n \"CVE-2016-4252\",\n \"CVE-2016-4254\",\n \"CVE-2016-4255\",\n \"CVE-2016-4265\",\n \"CVE-2016-4266\",\n \"CVE-2016-4267\",\n \"CVE-2016-4268\",\n \"CVE-2016-4269\",\n \"CVE-2016-4270\",\n \"CVE-2016-6937\",\n \"CVE-2016-6938\"\n );\n script_bugtraq_id(\n 91710,\n 91711,\n 91712,\n 91714,\n 91716,\n 92635,\n 92636,\n 92637,\n 92640,\n 92641,\n 92643,\n 93014,\n 93016\n );\n\n script_name(english:\"Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\nprior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2016-4191, CVE-2016-4192,\n CVE-2016-4193, CVE-2016-4194, CVE-2016-4195,\n CVE-2016-4196, CVE-2016-4197, CVE-2016-4198,\n CVE-2016-4199, CVE-2016-4200, CVE-2016-4201,\n CVE-2016-4202, CVE-2016-4203, CVE-2016-4204,\n CVE-2016-4205, CVE-2016-4206, CVE-2016-4207,\n CVE-2016-4208, CVE-2016-4211, CVE-2016-4212,\n CVE-2016-4213, CVE-2016-4214, CVE-2016-4250,\n CVE-2016-4251, CVE-2016-4252, CVE-2016-4254,\n CVE-2016-4265, CVE-2016-4266, CVE-2016-4267,\n CVE-2016-4268, CVE-2016-4269, CVE-2016-4270,\n CVE-2016-6937)\n\n - An unspecified heap buffer overflow condition exists due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-4209)\n\n - An unspecified integer overflow condition exists that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-4210)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass the\n JavaScript API and execute arbitrary code.\n CVE-2016-4215)\n\n - An unspecified use-after-free error exists that allows\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4255, CVE-2016-6938)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-26.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.17 / 15.006.30198 / 15.017.20050 \nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.17\n# DC Classic < 15.006.30198\n# DC Continuous < 15.017.20050\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 16) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30174) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 16) ||\n (ver[0] == 15 && ver[1] == 17 && ver[2] <= 20045)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.17 / 15.006.30198 / 15.017.20050' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2022-10-21T17:06:26", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-07T00:00:00", "type": "adobe", "title": "APSB16-26 Security updates available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4189", "CVE-2016-4190", "CVE-2016-4191", "CVE-2016-4192", "CVE-2016-4193", "CVE-2016-4194", "CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4201", "CVE-2016-4202", "CVE-2016-4203", "CVE-2016-4204", "CVE-2016-4205", "CVE-2016-4206", "CVE-2016-4207", "CVE-2016-4208", "CVE-2016-4209", "CVE-2016-4210", "CVE-2016-4211", "CVE-2016-4212", "CVE-2016-4213", "CVE-2016-4214", "CVE-2016-4215", "CVE-2016-4250", "CVE-2016-4251", "CVE-2016-4252", "CVE-2016-4254", "CVE-2016-4255", "CVE-2016-4265", "CVE-2016-4266", "CVE-2016-4267", "CVE-2016-4268", "CVE-2016-4269", "CVE-2016-4270", "CVE-2016-6937", "CVE-2016-6938"], "modified": "2016-07-12T00:00:00", "id": "APSB16-26", "href": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T16:10:32", "description": "### *Detect date*:\n07/12/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or cause a denial of service.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous versions earlier than 15.017.20050 \nAdobe Acrobat Reader DC Continuous versions earlier than 15.017.20050 \nAdobe Acrobat DC Classic versions earlier than 15.006.30198 \nAdobe Acrobat Reader DC Classic versions earlier than 15.006.30198 \nAdobe Acrobat XI versions earlier than 11.0.17 \nAdobe Reader XI versions earlier than 11.0.17\n\n### *Solution*:\nUpdate to the latest version \n[Get Adobe Reader](<https://get.adobe.com/reader/>)\n\n### *Original advisories*:\n[Adobe security advisory](<https://helpx.adobe.com/security/products/acrobat/apsb16-26.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader XI](<https://threats.kaspersky.com/en/product/Adobe-Reader-XI/>)\n\n### *CVE-IDS*:\n[CVE-2016-4255](<https://vulners.com/cve/CVE-2016-4255>)6.8High \n[CVE-2016-4202](<https://vulners.com/cve/CVE-2016-4202>)6.8High \n[CVE-2016-4195](<https://vulners.com/cve/CVE-2016-4195>)6.8High \n[CVE-2016-4196](<https://vulners.com/cve/CVE-2016-4196>)6.8High \n[CVE-2016-4197](<https://vulners.com/cve/CVE-2016-4197>)6.8High \n[CVE-2016-4198](<https://vulners.com/cve/CVE-2016-4198>)6.8High \n[CVE-2016-4199](<https://vulners.com/cve/CVE-2016-4199>)6.8High \n[CVE-2016-4200](<https://vulners.com/cve/CVE-2016-4200>)6.8High\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "kaspersky", "title": "KLA10838 Multiple vulnerabilities in Adobe Acrobat & Reader", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200", "CVE-2016-4202", "CVE-2016-4255"], "modified": "2020-06-18T00:00:00", "id": "KLA10838", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10838/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:42:46", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. In particular, the vulnerability is caused by a crafted PDF file which causes an out of bounds memory access, which sometimes triggers access violation exception. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26: CVE-2016-4197; CVE-2016-4198; CVE-2016-4199; CVE-2016-4200)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4197", "CVE-2016-4198", "CVE-2016-4199", "CVE-2016-4200"], "modified": "2016-07-25T00:00:00", "id": "CPAI-2016-0630", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:42:24", "description": "A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Memory Corruption (APSB16-26: CVE-2016-4196; CVE-2016-4195; CVE-2016-4202)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4195", "CVE-2016-4196", "CVE-2016-4202"], "modified": "2016-07-26T00:00:00", "id": "CPAI-2016-0642", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:42:21", "description": "A memory corruption vulnerability exists in Adobe Reader. In particular, the vulnerability is trigger by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees \u2013 potentially leading to memory corruption.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26 : CVE-2016-4205)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4205"], "modified": "2016-07-27T00:00:00", "id": "CPAI-2016-0635", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:46", "description": "This vulnerability is an instance of a memory corruption vulnerability. In particular, the vulnerability is caused by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation exception. Attackers can exploit the vulnerability by enticing a victim to open a maliciously crafted PDF file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Memory Corruption (APSB16-26: CVE-2016-4251)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4251"], "modified": "2016-07-25T00:00:00", "id": "CPAI-2016-0636", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:52", "description": "This vulnerability is an instance of a memory corruption vulnerability. In particular, the vulnerability is caused by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees \u2013 potentially leading to code corruption, control-flow hijack, or information leak attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-20T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Out of Bounds Memory Access (APSB16-26: CVE-2016-4191)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191"], "modified": "2016-07-21T00:00:00", "id": "CPAI-2016-0627", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:00", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-21T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Memory Corruption (APSB16-26: CVE-2016-4204)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4204"], "modified": "2016-08-21T00:00:00", "id": "CPAI-2016-0652", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:23", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access, which sometimes triggers access violation exception. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26: CVE-2016-4201)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4201"], "modified": "2016-07-26T00:00:00", "id": "CPAI-2016-0633", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:15", "description": "A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while handling a specially crafted PDF file that leads to out-of-bounds memory access. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB16-26: CVE-2016-4206)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4206"], "modified": "2016-08-07T00:00:00", "id": "CPAI-2016-0644", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:48", "description": "A memory corruption vulnerability exists in Adobe Reader. In particular, the vulnerability is triggered by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees \u2013 potentially leading to memory corruption.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26 : CVE-2016-4252)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4252"], "modified": "2016-07-24T00:00:00", "id": "CPAI-2016-0641", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:46", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26: CVE-2016-4208)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4208"], "modified": "2016-07-25T00:00:00", "id": "CPAI-2016-0638", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:47", "description": "A memory corruption vulnerability exists in Adobe Reader. In particular, the vulnerability is trigger by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees \u2013 potentially leading to memory corruption.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-20T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26 : CVE-2016-4192)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4192"], "modified": "2016-07-25T00:00:00", "id": "CPAI-2016-0629", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T19:46:01", "description": "A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious ttf font. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of Adobe Reader or Acrobat.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader and Acrobat Memory Corruption (APSB16-26: CVE-2016-4203)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4203"], "modified": "2016-07-26T00:00:00", "id": "CPAI-2016-0654", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:42:47", "description": "A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB16-26: CVE-2016-4207)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4207"], "modified": "2016-07-25T00:00:00", "id": "CPAI-2016-0637", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2023-02-13T16:39:24", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Font streams. A crafted Font stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC Font stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4270"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-493", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-493/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T16:39:25", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4269"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-491", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-491/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T19:49:56", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific value-of element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC XSLT value-of Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4198"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-422", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-422/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:20:17", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific \"for-each\" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC for-each XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4199"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-417", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-417/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T16:39:26", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4267"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-490", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-490/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T16:39:27", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4265"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-488", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-488/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:20:15", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific \"copy-of\" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC copy-of XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4200"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-419", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-419/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:20:18", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific \"if\" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC if XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4196"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-416", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-416/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T19:49:56", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4251"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-421", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-421/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:19:04", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Font streams. A crafted Font stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC Font stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4268"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-492", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-492/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T16:39:26", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-24T00:00:00", "type": "zdi", "title": "Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4266"], "modified": "2016-08-24T00:00:00", "id": "ZDI-16-489", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-489/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T16:40:01", "description": "This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 files. The issue lies in the failure to validate multiple fields in the JPEG2000 file structure. An attacker can leverage this vulnerability to disclose the contents of adjacent memory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4191"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-423", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-423/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:20:17", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific \"choose\" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC choose XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4195"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-418", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-418/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:20:20", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific 'number' element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC number XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4202"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-414", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-414/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:20:19", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPath expressions. A PDF document with a specific apply-templates element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-12T00:00:00", "type": "zdi", "title": "Adobe Reader DC apply-templates XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4197"], "modified": "2016-07-12T00:00:00", "id": "ZDI-16-415", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-415/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-01-05T03:21:58", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (1)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4205"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26097", "href": "https://0day.today/exploit/description/26097", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4205\r\n# COSIG-2016-30\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-30.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40095.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-01-05] #", "sourceHref": "https://0day.today/exploit/26097", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-31T01:27:32", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (2)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4204"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26096", "href": "https://0day.today/exploit/description/26096", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4204\r\n# COSIG-2016-29\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-29.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40096.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-03-31] #", "sourceHref": "https://0day.today/exploit/26096", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T11:10:56", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (7)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4201"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26091", "href": "https://0day.today/exploit/description/26091", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4201\r\n# COSIG-2016-24\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-24.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40101.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/26091", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T11:05:10", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (6)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4206"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26092", "href": "https://0day.today/exploit/description/26092", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4206\r\n# COSIG-2016-25\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-25.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40100.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/26092", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-04T14:59:40", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (4)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4208"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26094", "href": "https://0day.today/exploit/description/26094", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4208\r\n# COSIG-2016-27\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-27.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40098.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-01-04] #", "sourceHref": "https://0day.today/exploit/26094", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T01:17:35", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (3)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4203"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26095", "href": "https://0day.today/exploit/description/26095", "sourceData": "", "sourceHref": "https://0day.today/exploit/26095", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-28T03:22:39", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "zdt", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (5)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-4207"], "modified": "2016-07-13T00:00:00", "id": "1337DAY-ID-26093", "href": "https://0day.today/exploit/description/26093", "sourceData": "#####################################################################################\r\n \r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4207\r\n# COSIG-2016-26\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n \r\n#####################################################################################\r\n \r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n \r\n#####################################################################################\r\n \r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n4) POC\r\n===========\r\n \r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-26.pdf\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40099.zip\r\n \r\n####################################################################################\n\n# 0day.today [2018-03-28] #", "sourceHref": "https://0day.today/exploit/26093", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (1)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (1)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4205"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:7FEA489E322BA2EAEEC43E467C6F7F2A", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4205\n# COSIG-2016-30\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-30.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40095.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (2)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (2)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4204"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:9C277D4E105894458928A7018ADFBA92", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4204\n# COSIG-2016-29\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-29.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40096.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (7)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (7)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4201"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:6DD2F016F414468EE13E62685679B7D4", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4201\n# COSIG-2016-24\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-24.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40101.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (6)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (6)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4206"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:A913D3C0B64A2C969AEF23A78AB9CBC4", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4206\n# COSIG-2016-25\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-25.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40100.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (4)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (4)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4208"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:F6C09396C72378631A36B32689E4525B", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4208\n# COSIG-2016-27\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-27.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40098.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (3)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (3)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4203"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:FA4B3CD1A81E79AE03B8CA7608B43077", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4203\n# COSIG-2016-28\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-28.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40097.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (5)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitpack", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (5)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4207"], "modified": "2016-07-13T00:00:00", "id": "EXPLOITPACK:FF6189C51FFB76D35BEDEBC471A9E191", "href": "", "sourceData": "#####################################################################################\n\n# Application: Adobe Acrobat Reader DC\n# Platforms: Windows,OSX\n# Versions: 15.016.20045 and earlier\n# Author: S\u00e9bastien Morin of COSIG\n# Website: https://cosig.gouv.qc.ca/en/advisory/\n# Twitter: @COSIG_\n# Date: July 12, 2016\n# CVE: CVE-2016-4207\n# COSIG-2016-26\n\n#####################################################################################\n\n1) Introduction\n2) Report Timeline\n3) Technical details\n4) POC\n\n#####################################################################################\n\n================\n1) Introduction\n================\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\n\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\n\n#####################################################################################\n\n====================\n2) Report Timeline\n====================\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\n2016-06-08: Adobe PSIRT confirm this vulnerability;\n2016-07-12: Adobe fixed the issue (APSB16-26);\n2016-07-12: Advisory released by COSIG;\n\n#####################################################################################\n\n=====================\n3) Technical details\n=====================\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\n\n#####################################################################################\n\n===========\n4) POC\n===========\n\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-26.pdf\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40099.zip\n\n####################################################################################", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2022-08-16T08:20:13", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitdb", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (1)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["2016-4205", "CVE-2016-4205"], "modified": "2016-07-13T00:00:00", "id": "EDB-ID:40095", "href": "https://www.exploit-db.com/exploits/40095", "sourceData": "#####################################################################################\r\n\r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4205\r\n# COSIG-2016-30\r\n\r\n#####################################################################################\r\n\r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n\r\n#####################################################################################\r\n\r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n\r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n\r\n#####################################################################################\r\n\r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n\r\n#####################################################################################\r\n\r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n\r\n#####################################################################################\r\n\r\n===========\r\n4) POC\r\n===========\r\n\r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-30.pdf\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40095.zip\r\n\r\n####################################################################################", "sourceHref": "https://www.exploit-db.com/download/40095", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T08:20:13", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitdb", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (2)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["2016-4204", "CVE-2016-4204"], "modified": "2016-07-13T00:00:00", "id": "EDB-ID:40096", "href": "https://www.exploit-db.com/exploits/40096", "sourceData": "#####################################################################################\r\n\r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4204\r\n# COSIG-2016-29\r\n\r\n#####################################################################################\r\n\r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n\r\n#####################################################################################\r\n\r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n\r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n\r\n#####################################################################################\r\n\r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin and Pier-Luc Maltais of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n\r\n#####################################################################################\r\n\r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n\r\n#####################################################################################\r\n\r\n===========\r\n4) POC\r\n===========\r\n\r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-29.pdf\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40096.zip\r\n\r\n####################################################################################", "sourceHref": "https://www.exploit-db.com/download/40096", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T08:20:13", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitdb", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (4)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["2016-4208", "CVE-2016-4208"], "modified": "2016-07-13T00:00:00", "id": "EDB-ID:40098", "href": "https://www.exploit-db.com/exploits/40098", "sourceData": "#####################################################################################\r\n\r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4208\r\n# COSIG-2016-27\r\n\r\n#####################################################################################\r\n\r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n\r\n#####################################################################################\r\n\r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n\r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n\r\n#####################################################################################\r\n\r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n\r\n#####################################################################################\r\n\r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n\r\n#####################################################################################\r\n\r\n===========\r\n4) POC\r\n===========\r\n\r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-27.pdf\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40098.zip\r\n\r\n####################################################################################", "sourceHref": "https://www.exploit-db.com/download/40098", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T08:20:13", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-13T00:00:00", "type": "exploitdb", "title": "Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (5)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["2016-4207", "CVE-2016-4207"], "modified": "2016-07-13T00:00:00", "id": "EDB-ID:40099", "href": "https://www.exploit-db.com/exploits/40099", "sourceData": "#####################################################################################\r\n\r\n# Application: Adobe Acrobat Reader DC\r\n# Platforms: Windows,OSX\r\n# Versions: 15.016.20045 and earlier\r\n# Author: S\u00e9bastien Morin of COSIG\r\n# Website: https://cosig.gouv.qc.ca/en/advisory/\r\n# Twitter: @COSIG_\r\n# Date: July 12, 2016\r\n# CVE: CVE-2016-4207\r\n# COSIG-2016-26\r\n\r\n#####################################################################################\r\n\r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n\r\n#####################################################################################\r\n\r\n================\r\n1) Introduction\r\n================\r\nAdobe Acrobat is a family of application software and Web services developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF).\r\n\r\n(https://en.wikipedia.org/wiki/Adobe_Acrobat)\r\n\r\n#####################################################################################\r\n\r\n====================\r\n2) Report Timeline\r\n====================\r\n2016-05-18: S\u00e9bastien Morin of COSIG report this vulnerability to Adobe PSIRT;\r\n2016-06-08: Adobe PSIRT confirm this vulnerability;\r\n2016-07-12: Adobe fixed the issue (APSB16-26);\r\n2016-07-12: Advisory released by COSIG;\r\n\r\n#####################################################################################\r\n\r\n=====================\r\n3) Technical details\r\n=====================\r\nThe vulnerability allows a remote attacker to execute malicious code or access to part of dynamically allocated memory using a user interaction\r\nthat opens a specially crafted PDF file containing an invalid font (.ttf ) including invalid data.\r\n\r\n#####################################################################################\r\n\r\n===========\r\n4) POC\r\n===========\r\n\r\nhttps://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-26.pdf\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40099.zip\r\n\r\n####################################################################################", "sourceHref": "https://www.exploit-db.com/download/40099", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-01-29T14:48:39", "description": "![NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS](https://blog.rapid7.com/content/images/2021/01/NICER-Protocol-Deep-Dive--Internet-Exposure-of-HTTP-and-HTTPS.jpg)\n\nWelcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thing or two about the nature of internet exposure, so we figured, why not break up all the protocol studies into their own reports?\n\nSo, here we are! What follows is taken directly from our National / Industry / Cloud Exposure Report (NICER), so if you don't want to wait around for the next installment, you can cheat and read ahead!\n\n#### [Research] Read the full NICER report today\n\n[Get Started](<https://www.rapid7.com/info/nicer-2020/>)\n\n \n\n\n## HTTP (TCP/80) & HTTPS (TCP/443)\n\n_One protocol to bring them all, and in the darkness, bind them._\n\n### TLDR\n\n * **WHAT IT IS: HTTP: **Pristine, plaintext Hypertext Transfer Protocol communications. **HTTPS: **Encrypted HTTP.\n * **HOW MANY: **51,519,309 discovered HTTP nodes. 36,141,137 discovered HTTPS nodes. We\u2019re going to be talking a bit differently about fingerprinting in this blog post, so raw, generic counts will have no context.\n * **VULNERABILITIES:** Hoo boy! Many! But, do you mean vulnerabilities in core web servers themselves? The add-ons folks build into them? The web applications they serve? As many users of Facebook might say, \u201cit\u2019s complicated.\u201d\n * **ADVICE: **Go back to Gopher! Seriously, though, please continue to build awesome things using HTTPS. Just build them in such a way that folks who install and operate web servers can easily configure them securely, see patch status, and upgrade quickly and confidently.\n * **ALTERNATIVES: **[QUIC](<https://tools.ietf.org/html/draft-tsvwg-quic-protocol-02>), or \u201cQuick UDP Internet Connection,\u201d which is a \u201cnew multiplexed and secure transport atop UDP, designed from the ground up and optimized for HTTP/2 semantics.\u201d While HTTP[S] will be with us for a Very Long Time, QUIC is its successor and will usher in whole new ways to deliver content securely and efficiently (and undoubtedly, exploit the same).\n\nWe\u2019re going to talk about both HTTP and HTTPS combined (for the most part) as we identify what we found, some core areas of exposure, and opportunities for attackers. It\u2019ll be a bit different than all the previous blogs, but that\u2019s just part of the quirky nature of HTTP in general.\n\n### Discovery details\n\nWay back in our Email blogs, we compared encrypted and unencrypted services. We\u2019ll do the same here, but will be presenting a \u201ctop 12\u201d for countries since that is the set combination between HTTP and HTTPS.\n\nThere are 30% more devices on the internet running plaintext HTTP versus encrypted HTTPS web services. The U.S. dwarfs all other countries in terms of discovered web service, very likely due to the presence of so many cloud services, hosting providers, and routers, switches, etc. in IPv4 space allocated to the U.S.\n\nGermany and Ireland each expose 9% more HTTPS nodes than HTTP, and both the Netherlands and U.K. are quickly closing their encryption disparity as well.\n\nWe\u2019ll skip cloud counts since, well, everyone knows cloud servers are full of web servers and we\u2019re not sure what good it will do letting you know that Amazon had ~640K Elastic Load Balancers (version 2.0!) running on the day our studies kicked off. \n\n![NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS](https://lh4.googleusercontent.com/CX1kwLLXXfVXEnnTQ_2_5jbOfIFw-9FUUj39Ht1LvtThPsCzx6cUU2Skcx_HjU76sbmzwWtK-u2bIOVKYJyMs1rzAWuhy_zoe3tApjhLcpqT1bPgrGo9b0i34GRhix2wZkGfve26)\n\n## Exposure information\n\nTo understand exposure, we need to see what is running on these web servers. That\u2019s not as easy as you might think with just lightweight scans. For example, here are the top 20 HTTP servers by vendor/family and port:\n\nVendor | Family | HTTPS (80) | % of HTTP | | HTTPS (443) | % of HTTPS \n---|---|---|---|---|---|--- \nMicrosoft | IIS | 5,273,393 | 10.24% | | 2,096,655 | 5.80% \nApache | Apache | 4,873,517 | 9.46% | | 2,595,714 | 7.18% \nnginx | nginx | 3,938,031 | 7.64% | | 2,495,667 | 6.91% \nAmazon | Elastic Load Balancing | 644,862 | 1.25% | | 386,751 | 1.07% \nSquid Cache | Squid | 381,224 | 0.74% | | 8,649 | 0.02% \nACME Laboratories | mini_httpd | 125,708 | 0.24% | | 82,427 | 0.23% \nOracle | GoAhead Webserver | 48,505 | 0.09% | | 40,501 | 0.11% \nApache | Tomcat | 40,702 | 0.08% | | 32,271 | 0.09% \nTaobao | Tengine | 37,626 | 0.07% | | 14,130 | 0.04% \nEclipse | Jetty | 29,750 | 0.06% | | 50,763 | 0.14% \nMbedthis Software | Appweb | 23,463 | 0.05% | | 19,470 | 0.05% \nVirata | EmWeb | 22,354 | 0.04% | | 7,179 | 0.02% \nEmbedthis | Appweb | 17,235 | 0.03% | | 32,629 | 0.09% \nMicrosoft | Windows CE Web Server | 14,012 | 0.03% | | 1,027 | 0.00% \nTornadoWeb | Tornado | 13,637 | 0.03% | | 10,151 | 0.03% \nTridium | Niagara | 9,772 | 0.02% | | 564 | 0.00% \nTwistedMatrix | Twisted Web | 7,481 | 0.01% | | 4,984 | 0.01% \nCaucho | Resin | 5,168 | 0.01% | | 1,812 | 0.01% \nMort Bay | Jetty | 5,079 | 0.01% | | 2,033 | 0.01% \nSolarWinds | Serv-U | 3,232 | 0.01% | | 6,421 | 0.02% \n \nRemember, we\u2019re just counting what comes back on a `GET` request to those two ports on each active IP address, and the counts come from Recog signatures (which are great, but far from comprehensive). For some servers, we can get down to the discrete version level, which lets us build a [Common Platform Enumeration](<https://nvd.nist.gov/products/cpe>) identifier. That identifier lets us see how many CVEs a given instance type has associated with it. We used this capability to compare each version of each service family against the number of CVEs it has. While we do not have complete coverage across the above list, we do have some of the heavy(ier) hitters:\n\n![NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS](https://lh5.googleusercontent.com/Z02ByL4zxpzZSh3kcR3zWgsNu94j6_UgZP_V2J7_x4whCHiZkQoNjVOuCYfwicE6Syt360pAuAloOY3t18ZUHxBeShp8CYOFi7AdGNiltvjvTmzmZ8wWD_6VC0mrJeZU0IU8mXb4)\n\nWe limited the view to a service family having at least having 10 or more systems exposed and used color to encode the CVSS v2 scores. \n\nThe most prevalent CVE-enumerated vulnerabilities are listed in the table below. While it's technically possible that these CVEs have been mitigated through some other software control, patching them out entirely is really the best and easiest way to avoid uncomfortable conversations with your vulnerability manager.\n\nAnd, the top 30 most prevalent are:\n\nCVE | Number \n---|--- \nCVE-2017-8361 | 336 \nCVE-2013-2275 | 202 \nCVE-2012-1452 | 186 \nCVE-2016-1000107 | 184 \nCVE-2016-6440 | 184 \nCVE-2012-0038 | 168 \nCVE-2012-1835 | 165 \nCVE-2016-8827 | 165 \nCVE-2011-3868 | 164 \nCVE-2011-0607 | 160 \nCVE-2007-6740 | 154 \nCVE-2013-4564 | 150 \nCVE-2016-0948 | 149 \nCVE-2016-0956 | 149 \nCVE-2009-2047 | 146 \nCVE-2015-5670 | 145 \nCVE-2017-8577 | 143 \nCVE-2014-0134 | 135 \nCVE-2015-5355 | 135 \nCVE-2012-5932 | 127 \nCVE-2014-8089 | 120 \nCVE-2015-5685 | 118 \nCVE-2016-1000109 | 118 \nCVE-2015-5672 | 114 \nCVE-2016-5596 | 112 \nCVE-2016-5600 | 112 \nCVE-2016-4261 | 111 \nCVE-2016-4263 | 111 \nCVE-2016-4264 | 111 \nCVE-2016-4268 | 111 \n \nWhile we expect to see traditional web servers, there are other devices connected to the internet that expose web services or administrative interfaces (which we\u2019ve partially enumerated below):\n\nVendor | Device | HTTP (80) | HTTPS (443) \n---|---|---|--- \nCisco | Firewall | 123 | 986,766 \nAVM | WAP | 1,942 | 604,890 \nAsus | WAP | 1 | 177,936 \nSynology | NAS | 61,796 | 50,531 \nCheck Point | Firewall | 16,059 | 30,773 \nSonicWALL | VPN | 7,413 | 16,061 \nUbiquiti | WAP | 0 | 11,813 \nHP | Printer | 16,247 | 9,178 \nMikroTik | Router | 289,026 | 8,056 \nTivo | DVR | 6,400 | 6,779 \nPhilips | Light Bulb | 4,785 | 3,349 \nPolycom | VoIP | 369 | 3,079 \nUbiquiti | Web cam | 955 | 922 \nHP | Lights Out Management | 601 | 708 \nARRIS | Cable Modem | 350 | 217 \nFortinet | Firewall | 1,221 | 159 \nXerox | Printer | 1,575 | 29 \nCanon | Multifunction Device | 124 | 14 \nNetwave | Web cam | 6,420 | 7 \nHeiTel | DVR | 2,734 | 2 \nSamsung | DVR | 53,053 | 2 \nMerit LILIN | DVR | 2,565 | 1 \nFidelix | Industrial Control | 545 | 0 \nFUHO | DVR | 1,249 | 0 \nShenzhen Reecam Tech. Ltd. | Web cam | 1,902 | 0 \nUbiquiti | DVR | 675 | 0 \nYamaha | Router | 9,675 | 0 \n \nFor instance, we found nearly a million Cisco ASA firewalls. That fact is not necessarily \u201cbad,\u201d since they can be configured to provide remote access services (like VPN). Having 123 instances on port 80 is, however, not the best idea.\n\nUnlike Cisco, most MikroTik routers seem to be exposed sans encryption, and over 75% of them are exposing the device\u2019s admin interface. What could possibly go wrong?\n\nUpward of 50,000 Synology network-attached storage devices show up as well, and the File Sharing blog posts talked at length about the sorry state of exposure in these types of devices. They\u2019re on the internet to enable owners to play local media remotely and access other files remotely.\n\nThere are printers, and light bulbs; DVRs and home router admin interfaces; oh, and a [few thousand entire building control systems](<https://www.fidelix.com/building-automation/>).In short, you can find pretty much anything with a web interface hanging out on the internet.\n\n### Attacker\u2019s view\n\nThere are so many layers in modern HTTP[S] services that attackers likely are often paralyzed by not knowing which ones to go after first. Attacking HTTP services on embedded systems is generally one of the safest paths to take, since they\u2019re generally not monitored by the owner nor the network operator and can be used with almost guaranteed anonymity.\n\nFormal web services\u2014think Apache Struts, WebLogic, and the like\u2014are also desirable targets, since they\u2019re usually associated with enterprise deployments and, thus, have more potential for financial gain or access to confidential records. HTTP interfaces to firewalls and remote access systems (as we saw back in the Remote Access blog posts) have been a major focus for many attacker groups for the past 18\u201324 months since once compromised, they can drop an adversary right into the heart of the internal network where they can (usually) quickly establish a foothold and secondary access method.\n\n![NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS](https://lh4.googleusercontent.com/aNswhMHDhXe-Rnyrg2jgns4bvG97Eyc2PheXb913L_fDrgGiqJXsx0d-isAEmt00xDJDPk3Bcya7gkeCPVt__9pcWiJZJZudXXCnHRVkuR-u7Qz0fNnAlWZVqhIL19S-KJ0djpPp)![NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS](https://lh5.googleusercontent.com/940ird0uCORglxEvizlNvzhGCPt2cK76iWLYXHA03VwcaBJRJ6LzmGRwojLnTjp18-x1NSLOUGm88NGKh-UihH1gr_pJUitx0rL1kJ8T9butQFqbE7sqvSNoW-N4WO0Mqx4NeTHZ)\n\nYou\u2019re also more likely to see (at least for now) more initial probes on HTTP (80), as noted by both the unique source IPv4 and total interaction views (above). It\u2019s hard to say \u201cwatch 80 closely, and especially 80\u2192443 moves by clients,\u201d since most services are still offered on both ports and good sites are configured to automatically redirect clients to HTTPS. Still, if you see clients focus more on 80, you may want to flag those for potential further investigation. And, definitely be more careful with your systems that only talk HTTP (80).\n\n## Our advice\n\n**IT and IT security teams** should build awesome platforms and services and put them on the internet over HTTPS! Innovation drives change and progress\u2014plus, the internet has likely done more good than harm since the first HTTP request was made. Do keep all this patched and ensure secure configuration and coding practices are part of the development and deployment lifecycles. Do not put administrative interfaces to anything on the internet if at all possible and ensure you know what services your network devices and \u201cInternet of Things\u201d devices are exposing. Finally, disable `Server:` banners on everything and examine other HTTP headers for what else they might leak and sanitize what you can. Attackers on the lookout for, say, nginx will often move on if they see Apache in the Server header. You\u2019d be surprised just how effective this one change can be.\n\n**Cloud providers **should continue to offer secure, scalable web technologies. At the same time, if pre-built disk images with common application stacks are offered, keep them patched and ensure you have the ability to inform users when things go out-of-date.\n\n**Government cybersecurity agencies** should keep reminding us not to put digital detritus with embedded web servers on the internet and monitor for campaigns that are targeting these invisible services. When there are major issues with core technologies such as Microsoft IIS, Apache HTTP, or nginx, processes should be in place to notify the public and work with ISPs, hosting, and cloud providers to try to contain any possible widespread damage. There should be active programs in place to ensure no critical telecommunications infrastructure has dangerous ports or services exposed, especially router administrative interfaces over HTTP/HTTPS.\n\n#### [Research] Read the full NICER report today\n\n[Get Started](<https://www.rapid7.com/info/nicer-2020/>)", "cvss3": {}, "published": "2021-01-29T14:20:22", "type": "rapid7blog", "title": "NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2007-6740", "CVE-2009-2047", "CVE-2011-0607", "CVE-2011-3868", "CVE-2012-0038", "CVE-2012-1452", "CVE-2012-1835", "CVE-2012-5932", "CVE-2013-2275", "CVE-2013-4564", "CVE-2014-0134", "CVE-2014-8089", "CVE-2015-5355", "CVE-2015-5670", "CVE-2015-5672", "CVE-2015-5685", "CVE-2016-0948", "CVE-2016-0956", "CVE-2016-1000107", "CVE-2016-1000109", "CVE-2016-4261", "CVE-2016-4263", "CVE-2016-4264", "CVE-2016-4268", "CVE-2016-5596", "CVE-2016-5600", "CVE-2016-6440", "CVE-2016-8827", "CVE-2017-8361", "CVE-2017-8577"], "modified": "2021-01-29T14:20:22", "id": "RAPID7BLOG:47F2249FC4903D395D79675E2BE38D91", "href": "https://blog.rapid7.com/2021/01/29/nicer-protocol-deep-dive-internet-exposure-of-http-and-https/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}