Kaspersky LabKLA10838KLA10838 Multiple vulnerabilities in Adobe Acrobat & Reader
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%
Detect date:
07/12/2016
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or cause a denial of service.
Affected products:
Adobe Acrobat DC Continuous versions earlier than 15.017.20050
Adobe Acrobat Reader DC Continuous versions earlier than 15.017.20050
Adobe Acrobat DC Classic versions earlier than 15.006.30198
Adobe Acrobat Reader DC Classic versions earlier than 15.006.30198
Adobe Acrobat XI versions earlier than 11.0.17
Adobe Reader XI versions earlier than 11.0.17
Solution:
Update to the latest version
Get Adobe Reader
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-42556.8High
CVE-2016-42026.8High
CVE-2016-41956.8High
CVE-2016-41966.8High
CVE-2016-41976.8High
CVE-2016-41986.8High
CVE-2016-41996.8High
CVE-2016-42006.8High
Exploitation:
Public exploits exist for this vulnerability.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4200
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4255
get.adobe.com/reader/
helpx.adobe.com/security/products/acrobat/apsb16-26.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-XI/
threats.kaspersky.com/en/product/Adobe-Reader-XI/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%