History: Jul 14, 2015 - 12:00 a.m.

KLA10628 Multiple vulnerabilities in Adobe Acrobat

2015-07-14 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10

Attack Vector: NETWORK

Attack Complexity: LOW

Authentication: NONE

Confidentiality Impact: COMPLETE

Integrity Impact: COMPLETE

Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 9

Confidence: High

EPSS: 0.09

Percentile: 94.6%

Multiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Buffer, stack and integer overflows, memory corruption and use-after-free vulnerabilities can be exploited remotely via unknown vectors;
  2. Lack of validation and Java API restrictions can be exploited remotely via unknown vectors;
  3. A null-pointer dereference can be exploited remotely via unknown vectors.

Original advisories

Adobe advisory

Related products

Adobe-Reader-X

Adobe-Acrobat-X

Adobe-Reader-XI

Adobe-Acrobat-XI

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

CVE list

CVE-2014-8450 critical

CVE-2015-4443 critical

CVE-2015-4444 critical

CVE-2015-4438 critical

CVE-2015-5089 critical

CVE-2015-4441 high

CVE-2015-4445 critical

CVE-2015-4446 critical

CVE-2015-5097 critical

CVE-2015-5098 critical

CVE-2015-5109 high

CVE-2015-5110 high

CVE-2015-3095 critical

CVE-2015-4435 critical

CVE-2015-5095 critical

CVE-2015-5096 critical

CVE-2014-0566 critical

CVE-2015-5090 high

CVE-2015-5091 critical

CVE-2015-5092 critical

CVE-2015-5114 critical

CVE-2015-4452 critical

CVE-2015-4451 critical

CVE-2015-5086 high

CVE-2015-5085 high

CVE-2015-4448 critical

CVE-2015-4447 critical

CVE-2015-4450 critical

CVE-2015-4449 critical

CVE-2015-5111 high

CVE-2015-5088 critical

CVE-2015-5087 critical

CVE-2015-5113 high

CVE-2015-5115 critical

CVE-2015-5108 critical

CVE-2015-5107 warning

CVE-2015-5106 high

CVE-2015-5105 critical

CVE-2015-5104 critical

CVE-2015-5103 critical

CVE-2015-5102 critical

CVE-2015-5101 critical

CVE-2015-5100 critical

CVE-2015-5099 critical

CVE-2015-5093 critical

CVE-2015-5094 critical

Solution

Update to the latest version

Get Reader

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Acrobat Reader X versions earlier than 10.1.15
  • Acrobat XI versions earlier than 11.0.12
  • Acrobat X versions earlier than 10.1.15
  • Acrobat Reader XI versions earlier than 11.0.12
  • Acrobat DC versions earlier than 2015.008.20082
  • Acrobat Reader DC versions earlier than 2015.008.20082
