Oct 11, 2016 - 12:00 a.m.

KLA10880 Multiple vulnerabilities in Adobe Acrobat Reader

2016-10-11 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.1
  Confidence: High

EPSS: 0.042
  Percentile: 92.4%

Multiple serious vulnerabilities have been found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.

Below is a complete list of the vulnerabilities:

  1. Use-after-free, buffer overflow, memory corruption and integer overflow vulnerabilities can be exploited remotely to execute arbitrary code;
  2. An unknown vulnerability can be exploited remotely to bypass JavaScript API restrictions;
  3. An unknown vulnerability can be exploited to bypass security restrictions.

Original advisories

Adobe bulletin

Exploitation

Malware exists for this vulnerability. Such malware is usually classified as Exploit.

Related products

Adobe-Reader-XI

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

CVE list

CVE-2016-1089 critical

CVE-2016-1091 critical

CVE-2016-6939 critical

CVE-2016-6940 critical

CVE-2016-6941 critical

CVE-2016-6942 critical

CVE-2016-6943 critical

CVE-2016-6944 critical

CVE-2016-6945 critical

CVE-2016-6946 critical

CVE-2016-6947 critical

CVE-2016-6948 critical

CVE-2016-6949 critical

CVE-2016-6950 critical

CVE-2016-6951 critical

CVE-2016-6952 critical

CVE-2016-6953 critical

CVE-2016-6954 critical

CVE-2016-6955 critical

CVE-2016-6956 critical

CVE-2016-6957 critical

CVE-2016-6958 critical

CVE-2016-6959 critical

CVE-2016-6960 critical

CVE-2016-6961 critical

CVE-2016-6962 critical

CVE-2016-6963 critical

CVE-2016-6964 critical

CVE-2016-6965 critical

CVE-2016-6966 critical

CVE-2016-6967 critical

CVE-2016-6968 critical

CVE-2016-6969 critical

CVE-2016-6970 critical

CVE-2016-6971 critical

CVE-2016-6972 critical

CVE-2016-6973 critical

CVE-2016-6974 critical

CVE-2016-6975 critical

CVE-2016-6976 critical

CVE-2016-6977 critical

CVE-2016-6978 critical

CVE-2016-6979 critical

CVE-2016-6988 critical

CVE-2016-6993 critical

CVE-2016-6994 critical

CVE-2016-6995 critical

CVE-2016-6996 critical

CVE-2016-6997 critical

CVE-2016-6998 critical

CVE-2016-7019 critical

CVE-2016-7018 critical

CVE-2016-7017 critical

CVE-2016-7016 critical

CVE-2016-7015 critical

CVE-2016-7014 critical

CVE-2016-7013 critical

CVE-2016-7012 critical

CVE-2016-7011 critical

CVE-2016-7010 critical

CVE-2016-7009 critical

CVE-2016-7008 critical

CVE-2016-7007 critical

CVE-2016-7006 critical

CVE-2016-7005 critical

CVE-2016-7004 critical

CVE-2016-7003 critical

CVE-2016-7002 critical

CVE-2016-7001 critical

CVE-2016-7000 critical

CVE-2016-6999 critical

Solution

Update to the latest version

Get Reader

Impacts

  • ACE: Arbitrary code execution. Exploiting vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • SB: Security bypass. Exploiting vulnerabilities with this impact can allow actions that the current security settings restrict.

Affected Products

  • Adobe Reader XI versions earlier than 11.0.18
  • Adobe Acrobat DC Classic versions earlier than 15.006.30243
  • Adobe Acrobat Reader DC Classic versions earlier than 15.006.30243
  • Adobe Acrobat DC Continuous versions earlier than 15.020.20039
  • Adobe Acrobat XI versions earlier than 11.0.18
  • Adobe Acrobat Reader DC Continuous versions earlier than 15.020.20039
