ID

VAR-201605-0094


CVE

CVE-2016-4106


TITLE

Vulnerability in Adobe Reader and Acrobat running on Windows and Mac OS X that allows privileges to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2016-002691

DESCRIPTION

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. http://cwe.mitre.org/data/definitions/426.html A local user may be able to gain privileges through a Trojan horse resource in an unspecified directory. Adobe Reader and Acrobat are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC and the related products are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. Security flaws exist in several Adobe products.

Trust: 1.98

sources: NVD: CVE-2016-4106 // JVNDB: JVNDB-2016-002691 // BID: 90513 // VULHUB: VHN-92925

AFFECTED PRODUCTS

vendor: adobe // model: acrobat dc // scope: lte // version: 15.006.30121

Trust: 1.0

vendor: adobe // model: acrobat dc // scope: lte // version: 15.010.20060

Trust: 1.0

vendor: adobe // model: acrobat reader dc // scope: lte // version: 15.006.30121

Trust: 1.0

vendor: adobe // model: reader // scope: lte // version: 11.0.15

Trust: 1.0

vendor: adobe // model: acrobat reader dc // scope: lte // version: 15.010.20060

Trust: 1.0

vendor: adobe // model: acrobat // scope: lte // version: 11.0.15

Trust: 1.0

vendor: adobe // model: acrobat // scope: lt // version: xi desktop 11.0.16 (windows/macintosh)

Trust: 0.8

vendor: adobe // model: acrobat dc // scope: lt // version: classic 15.006.30172 (windows/macintosh)

Trust: 0.8

vendor: adobe // model: acrobat dc // scope: lt // version: continuous track 15.016.20039 (windows/macintosh)

Trust: 0.8

vendor: adobe // model: acrobat reader dc // scope: lt // version: classic 15.006.30172 (windows/macintosh)

Trust: 0.8

vendor: adobe // model: acrobat reader dc // scope: lt // version: continuous track 15.016.20039 (windows/macintosh)

Trust: 0.8

vendor: adobe // model: reader // scope: lt // version: xi desktop 11.0.16 (windows/macintosh)

Trust: 0.8

vendor: microsoft // model: windows // scope: - // version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-002691 // CNNVD: CNNVD-201605-326 // NVD: CVE-2016-4106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4106
value: HIGH

Trust: 1.0

NVD: CVE-2016-4106
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-326
value: HIGH

Trust: 0.6

VULHUB: VHN-92925
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4106
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92925
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4106
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-92925 // JVNDB: JVNDB-2016-002691 // CNNVD: CNNVD-201605-326 // NVD: CVE-2016-4106

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-002691 // NVD: CVE-2016-4106

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201605-326

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201605-326

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002691

PATCH

title: APSB16-14 // url: https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

Trust: 0.8

title: APSB16-14 // url: https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Reader // url: http://www.fmworld.net/biz/common/adobe/20160512.html

Trust: 0.8

title: Multiple Adobe product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61644

Trust: 0.6

sources: JVNDB: JVNDB-2016-002691 // CNNVD: CNNVD-201605-326

EXTERNAL IDS

db: NVD // id: CVE-2016-4106

Trust: 2.8

db: BID // id: 90513

Trust: 1.4

db: SECTRACK // id: 1035828

Trust: 1.1

db: JVNDB // id: JVNDB-2016-002691

Trust: 0.8

db: AUSCERT // id: ESB-2016.1146

Trust: 0.6

db: CNNVD // id: CNNVD-201605-326

Trust: 0.6

db: VULHUB // id: VHN-92925

Trust: 0.1

sources: VULHUB: VHN-92925 // BID: 90513 // JVNDB: JVNDB-2016-002691 // CNNVD: CNNVD-201605-326 // NVD: CVE-2016-4106

REFERENCES

url:https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

Trust: 1.7

url:http://www.securityfocus.com/bid/90513

Trust: 1.1

url:http://www.securitytracker.com/id/1035828

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4106

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2016/at160023.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4106

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=18377

Trust: 0.8

url:https://www.auscert.org.au/render.html?it=34330

Trust: 0.6

url:http://www.adobe.com

Trust: 0.3

url:http://get.adobe.com/reader/

Trust: 0.3

sources: VULHUB: VHN-92925 // BID: 90513 // JVNDB: JVNDB-2016-002691 // CNNVD: CNNVD-201605-326 // NVD: CVE-2016-4106

CREDITS

Ke Liu of Tencent's Xuanwu LAB

Trust: 0.6

sources: CNNVD: CNNVD-201605-326

SOURCES

db: VULHUB // id: VHN-92925
db: BID // id: 90513
db: JVNDB // id: JVNDB-2016-002691
db: CNNVD // id: CNNVD-201605-326
db: NVD // id: CVE-2016-4106

LAST UPDATE DATE

2025-04-13T23:02:58.393000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-92925 // date: 2016-12-02T00:00:00
db: BID // id: 90513 // date: 2016-05-10T00:00:00
db: JVNDB // id: JVNDB-2016-002691 // date: 2016-05-17T00:00:00
db: CNNVD // id: CNNVD-201605-326 // date: 2016-05-11T00:00:00
db: NVD // id: CVE-2016-4106 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-92925 // date: 2016-05-11T00:00:00
db: BID // id: 90513 // date: 2016-05-10T00:00:00
db: JVNDB // id: JVNDB-2016-002691 // date: 2016-05-17T00:00:00
db: CNNVD // id: CNNVD-201605-326 // date: 2016-05-11T00:00:00
db: NVD // id: CVE-2016-4106 // date: 2016-05-11T11:00:59.387