Kaspersky LabKLA10807KLA10807 Multiple vulnerabilities in Adobe Acrobat
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.67 Medium
EPSS
Percentile
98.0%
Multiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.
Below is a complete list of vulnerabilities
- Multiple use-after-free, heap buffer overflow, integer overflow and memory corruption vulnerabilities can be exploited to execute arbitrary code;
- Memory leak vulnerability can be potentially exploited to cause denial of service;
- An unknown vulnerability can be exploited remotely to obtain sensitive information;
- An unknown vulnerabilities can be exploited to bypass Javascript API restrictions;
- An insecure search path while updates resolve can be exploited to execute arbitrary code;
- Memory corruption vulnerability can be exploited remotely to cause denial of service.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
Adobe-Acrobat-Reader-DC-Continuous
Adobe-Acrobat-Reader-DC-Classic
CVE list
CVE-2016-1037 critical
CVE-2016-1038 critical
CVE-2016-1039 critical
CVE-2016-1040 critical
CVE-2016-1041 critical
CVE-2016-1042 critical
CVE-2016-1043 critical
CVE-2016-1044 critical
CVE-2016-1045 critical
CVE-2016-1046 critical
CVE-2016-1047 critical
CVE-2016-1048 critical
CVE-2016-1049 critical
CVE-2016-1050 critical
CVE-2016-1051 critical
CVE-2016-1052 critical
CVE-2016-1053 critical
CVE-2016-1054 critical
CVE-2016-1055 critical
CVE-2016-1056 critical
CVE-2016-1057 critical
CVE-2016-1058 critical
CVE-2016-1059 critical
CVE-2016-1060 critical
CVE-2016-1061 critical
CVE-2016-1062 critical
CVE-2016-1063 critical
CVE-2016-1064 critical
CVE-2016-1065 critical
CVE-2016-1066 critical
CVE-2016-1067 critical
CVE-2016-1068 critical
CVE-2016-1069 critical
CVE-2016-1070 critical
CVE-2016-1071 critical
CVE-2016-1072 critical
CVE-2016-1073 critical
CVE-2016-1074 critical
CVE-2016-1075 critical
CVE-2016-1076 critical
CVE-2016-1077 critical
CVE-2016-1078 critical
CVE-2016-1079 warning
CVE-2016-1080 critical
CVE-2016-1081 critical
CVE-2016-1082 critical
CVE-2016-1083 critical
CVE-2016-1084 critical
CVE-2016-1085 critical
CVE-2016-1086 critical
CVE-2016-1087 high
CVE-2016-1088 critical
CVE-2016-1090 high
CVE-2016-1092 warning
CVE-2016-1093 critical
CVE-2016-1094 critical
CVE-2016-1095 critical
CVE-2016-1112 critical
CVE-2016-1116 critical
CVE-2016-1117 critical
CVE-2016-1118 critical
CVE-2016-1119 critical
CVE-2016-1120 critical
CVE-2016-1121 critical
CVE-2016-1122 critical
CVE-2016-1123 critical
CVE-2016-1124 critical
CVE-2016-1125 critical
CVE-2016-1126 critical
CVE-2016-1127 critical
CVE-2016-1128 critical
CVE-2016-1129 critical
CVE-2016-1130 critical
CVE-2016-4088 critical
CVE-2016-4089 critical
CVE-2016-4090 critical
CVE-2016-4091 critical
CVE-2016-4092 critical
CVE-2016-4093 critical
CVE-2016-4094 critical
CVE-2016-4096 critical
CVE-2016-4097 critical
CVE-2016-4098 critical
CVE-2016-4099 critical
CVE-2016-4100 critical
CVE-2016-4101 critical
CVE-2016-4102 critical
CVE-2016-4103 critical
CVE-2016-4104 critical
CVE-2016-4105 critical
CVE-2016-4106 high
CVE-2016-4107 critical
CVE-2016-4119 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Acrobat Reader DC Continuous versions earlier than 15.016.20039Adobe Acrobat XI versions earlier than 11.0.16Adobe Acrobat Reader XI versions earlier than 11.0.16Adobe Acrobat DC Classic versions earlier than 15.006.30172Adobe Acrobat Reader DC Classic versions earlier than 15.006.30172Adobe Acrobat DC Continuous versions earlier than 15.016.20039
References
helpx.adobe.com/security/products/acrobat/apsb16-14.html
statistics.securelist.com/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Reader-XI/
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.67 Medium
EPSS
Percentile
98.0%