Kaspersky LabKLA10628KLA10628 Multiple vulnerabilities in Adobe Acrobat
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9 High
AI Score
Confidence
High
0.09 Low
EPSS
Percentile
94.6%
Multiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- Buffer, stack and integer overflows, memory corruption and use-after-free vulnerabilities can be exploited remotely via an unknown vectors;
- Lack of validation and Java API restrictions restrictions can be exploited remotely via an unknown vectors;
- null-pointer dereference can be exploited remotely via an unknown vectors;
Original advisories
Related products
Adobe-Acrobat-Reader-DC-Continuous
Adobe-Acrobat-Reader-DC-Classic
CVE list
CVE-2014-8450 critical
CVE-2015-4443 critical
CVE-2015-4444 critical
CVE-2015-4438 critical
CVE-2015-5089 critical
CVE-2015-4441 high
CVE-2015-4445 critical
CVE-2015-4446 critical
CVE-2015-5097 critical
CVE-2015-5098 critical
CVE-2015-5109 high
CVE-2015-5110 high
CVE-2015-3095 critical
CVE-2015-4435 critical
CVE-2015-5095 critical
CVE-2015-5096 critical
CVE-2014-0566 critical
CVE-2015-5090 high
CVE-2015-5091 critical
CVE-2015-5092 critical
CVE-2015-5114 critical
CVE-2015-4452 critical
CVE-2015-4451 critical
CVE-2015-5086 high
CVE-2015-5085 high
CVE-2015-4448 critical
CVE-2015-4447 critical
CVE-2015-4450 critical
CVE-2015-4449 critical
CVE-2015-5111 high
CVE-2015-5088 critical
CVE-2015-5087 critical
CVE-2015-5113 high
CVE-2015-5115 critical
CVE-2015-5108 critical
CVE-2015-5107 warning
CVE-2015-5106 high
CVE-2015-5105 critical
CVE-2015-5104 critical
CVE-2015-5103 critical
CVE-2015-5102 critical
CVE-2015-5101 critical
CVE-2015-5100 critical
CVE-2015-5099 critical
CVE-2015-5093 critical
CVE-2015-5094 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Acrobat Reader X versions earlier than 10.1.15Acrobat XI versions earlier than 11.0.12Acrobat X versions earlier than 10.1.15Acrobat Reader XI versions earlier than 11.0.12Acrobat DC versions earlier than 2015.008.20082Acrobat Reader DC versions earlier than 2015.008.20082
References
helpx.adobe.com/security/products/reader/apsb15-15.html
statistics.securelist.com/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-X/
threats.kaspersky.com/en/product/Adobe-Acrobat-XI/
threats.kaspersky.com/en/product/Adobe-Reader-X/
threats.kaspersky.com/en/product/Adobe-Reader-XI/
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9 High
AI Score
Confidence
High
0.09 Low
EPSS
Percentile
94.6%