Sign-up

ID

VAR-201608-0065


CVE

CVE-2016-4119


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004463

DESCRIPTION

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. This vulnerability CVE-2016-1037 , CVE-2016-1063 , CVE-2016-1064 , CVE-2016-1071 , CVE-2016-1072 , CVE-2016-1073 , CVE-2016-1074 , CVE-2016-1076 , CVE-2016-1077 , CVE-2016-1078 , CVE-2016-1080 , CVE-2016-1081 , CVE-2016-1082 , CVE-2016-1083 , CVE-2016-1084 , CVE-2016-1085 , CVE-2016-1086 , CVE-2016-1088 , CVE-2016-1093 , CVE-2016-1095 , CVE-2016-1116 , CVE-2016-1118 , CVE-2016-1119 , CVE-2016-1120 , CVE-2016-1123 , CVE-2016-1124 , CVE-2016-1125 , CVE-2016-1126 , CVE-2016-1127 , CVE-2016-1128 , CVE-2016-1129 , CVE-2016-1130 , CVE-2016-4088 , CVE-2016-4089 , CVE-2016-4090 , CVE-2016-4093 , CVE-2016-4094 , CVE-2016-4096 , CVE-2016-4097 , CVE-2016-4098 , CVE-2016-4099 , CVE-2016-4100 , CVE-2016-4101 , CVE-2016-4103 , CVE-2016-4104 ,and CVE-2016-4105 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Limited information is currently available regarding this issue. We will update this BID as more information emerges. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products

Trust: 1.98

sources: NVD: CVE-2016-4119 // JVNDB: JVNDB-2016-004463 // BID: 90800 // VULHUB: VHN-92938

AFFECTED PRODUCTS

vendor:adobemodel:acrobat dcscope:lteversion:15.006.30174

Trust: 1.0

vendor:adobemodel:acrobat dcscope:lteversion:15.016.20045

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.016.20045

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.006.30174

Trust: 1.0

vendor:adobemodel:acrobatscope:lteversion:11.0.16

Trust: 1.0

vendor:adobemodel:readerscope:lteversion:11.0.16

Trust: 1.0

vendor:adobemodel:acrobatscope:ltversion:xi desktop 11.0.16 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:classic 15.006.30172 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:continuous track 15.016.20039 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:classic 15.006.30172 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:continuous track 15.016.20039 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:xi desktop 11.0.16 (windows/macintosh)

Trust: 0.8

vendor:applemodel:mac os xscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-004463 // CNNVD: CNNVD-201607-472 // NVD: CVE-2016-4119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4119
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4119
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201607-472
value: CRITICAL

Trust: 0.6

VULHUB: VHN-92938
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4119
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92938
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4119
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-92938 // JVNDB: JVNDB-2016-004463 // CNNVD: CNNVD-201607-472 // NVD: CVE-2016-4119

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-92938 // JVNDB: JVNDB-2016-004463 // NVD: CVE-2016-4119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-472

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201607-472

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004463

PATCH
title:APSB16-14url:https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
Trust: 0.8
title:APSB16-14url:https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html
Trust: 0.8
title:アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20160512.html
Trust: 0.8
title:Adobe Reader  and Acrobat Repair measures for memory corruption vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62989
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004463 // 
            
            
            
            CNNVD: CNNVD-201607-472

EXTERNAL IDS
db:NVDid:CVE-2016-4119
Trust: 2.8
db:BIDid:90800
Trust: 0.9
db:JVNDBid:JVNDB-2016-004463
Trust: 0.8
db:CNNVDid:CNNVD-201607-472
Trust: 0.7
db:VULHUBid:VHN-92938
Trust: 0.1
sources:
            
            
            VULHUB: VHN-92938 // 
            
            
            
            BID: 90800 // 
            
            
            
            JVNDB: JVNDB-2016-004463 // 
            
            
            
            CNNVD: CNNVD-201607-472 // 
            
            
            
            NVD: CVE-2016-4119

REFERENCES
url:https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
Trust: 1.7
url:https://blog.fortinet.com/2016/06/06/analysis-of-use-after-free-vulnerability-cve-2016-4119-in-adobe-acrobat-and-reader
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4119
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html
Trust: 0.8
url:https://www.jpcert.or.jp/at/2016/at160023.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4119
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=18377
Trust: 0.8
url:http://www.securityfocus.com/bid/90800
Trust: 0.6
url:http://www.adobe.com
Trust: 0.3
url:http://get.adobe.com/reader/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-92938 // 
            
            
            
            BID: 90800 // 
            
            
            
            JVNDB: JVNDB-2016-004463 // 
            
            
            
            CNNVD: CNNVD-201607-472 // 
            
            
            
            NVD: CVE-2016-4119

CREDITS
Kushal Arvind Shah and Kai Lu of Fortinet's FortiGuard Labs.
Trust: 0.9
sources:
            
            
            BID: 90800 // 
            
            
            
            CNNVD: CNNVD-201607-472

SOURCES
db:VULHUBid:VHN-92938
db:BIDid:90800
db:JVNDBid:JVNDB-2016-004463
db:CNNVDid:CNNVD-201607-472
db:NVDid:CVE-2016-4119

LAST UPDATE DATE
2025-04-13T23:09:33.548000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-92938date:2017-04-05T00:00:00
db:BIDid:90800date:2016-07-06T14:46:00
db:JVNDBid:JVNDB-2016-004463date:2016-08-30T00:00:00
db:CNNVDid:CNNVD-201607-472date:2016-08-29T00:00:00
db:NVDid:CVE-2016-4119date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-92938date:2016-08-26T00:00:00
db:BIDid:90800date:2016-05-19T00:00:00
db:JVNDBid:JVNDB-2016-004463date:2016-08-30T00:00:00
db:CNNVDid:CNNVD-201607-472date:2016-05-19T00:00:00
db:NVDid:CVE-2016-4119date:2016-08-26T19:59:00.117