VARIoT IoT vulnerabilities database
| VAR-201510-0356 | CVE-2015-6685 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the handling of fields. A specially crafted PDF with specific fields with the Format action can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. Security flaws exist in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0352 | CVE-2015-6703 | Windows and Mac OS X Run on Adobe Reader and Acrobat of loadFlashMovie Vulnerability in function that can retrieve important information from process memory |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6704. This vulnerability CVE-2015-6697 , CVE-2015-6699 , CVE-2015-6700 , CVE-2015-6701 , CVE-2015-6702 ,and CVE-2015-6704 Is a different vulnerability.An attacker could retrieve important information from process memory via an invalid argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the loadFlashMovie function. The issue lies in excess values being returned in the error message when improper arguments are given. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the 'loadFlashMovie' function of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0353 | CVE-2015-6704 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability in implementing important information from process memory in the implementation of animation properties |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6703. This vulnerability CVE-2015-6697 , CVE-2015-6699 , CVE-2015-6700 , CVE-2015-6701 , CVE-2015-6702 ,and CVE-2015-6703 Is a different vulnerability.An attacker could obtain important information from process memory via a function call. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the animations property. The issue lies in excess values being returned in the error message when the property is called as a function. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the implementation of the animations property of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0349 | CVE-2015-6700 | Windows and Mac OS X Run on Adobe Reader and Acrobat of setBackground Vulnerability in function that can retrieve important information from process memory |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The setBackground function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. This vulnerability CVE-2015-6697 , CVE-2015-6699 , CVE-2015-6701 , CVE-2015-6702 , CVE-2015-6703 ,and CVE-2015-6704 Is a different vulnerability.An attacker could retrieve important information from process memory via an invalid argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the setBackground function. The issue lies in excess values being returned in the error message when improper arguments are given. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the 'setBackground' function of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0350 | CVE-2015-6701 | Windows and Mac OS X Run on Adobe Reader and Acrobat of ambientIlluminationColor Vulnerability in which important information is obtained from process memory in property implementation |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. This vulnerability CVE-2015-6697 , CVE-2015-6699 , CVE-2015-6700 , CVE-2015-6702 , CVE-2015-6703 ,and CVE-2015-6704 Is a different vulnerability.An attacker could obtain important information from process memory via a function call. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the ambientIlluminationColor property. The issue lies in excess values being returned in the error message when the property is called as a function. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the implementation of the ambientIlluminationColor property of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0351 | CVE-2015-6702 | Windows and Mac OS X Run on Adobe Reader and Acrobat of createSquareMesh Vulnerability in function that can retrieve important information from process memory |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6703, and CVE-2015-6704. This vulnerability CVE-2015-6697 , CVE-2015-6699 , CVE-2015-6700 , CVE-2015-6701 , CVE-2015-6703 ,and CVE-2015-6704 Is a different vulnerability.An attacker could retrieve important information from process memory via an invalid argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the createSquareMesh function. The issue lies in excess values being returned in the error message when improper arguments are given. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the 'createSquareMesh' function of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0348 | CVE-2015-6699 | Windows and Mac OS X Run on Adobe Reader and Acrobat of addForegroundSprite Vulnerability in function that can retrieve important information from process memory |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The addForegroundSprite function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. This vulnerability CVE-2015-6697 , CVE-2015-6700 , CVE-2015-6701 , CVE-2015-6702 , CVE-2015-6703 ,and CVE-2015-6704 Is a different vulnerability.An attacker could retrieve important information from process memory via an invalid argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the addForegroundSprite function. The issue lies in excess values being returned in the error message when improper arguments are given. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the 'addForegroundSprite' function of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0347 | CVE-2015-6698 | Windows and Mac OS X Run on Adobe Reader and Acrobat of AcroForm Implementation of heap-based buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in the AcroForm implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6696. This vulnerability CVE-2015-6696 and CVE-2015-8458 Is a different vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within AcroForm. A specially crafted form can force Adobe Reader DC to write past the end of an allocated object. Adobe Acrobat and Reader are prone to multiple unspecified heap-buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0346 | CVE-2015-6697 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability in obtaining important information about color objects from process memory |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to obtain sensitive information about color objects from process memory by reading a light object's RGB data, a different vulnerability than CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of color objects in light objects. The RGB values returned from a newly created light object can disclose the heap address of a color object. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process. Adobe Acrobat and Reader are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. Security flaws exist in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0344 | CVE-2015-6695 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the value attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-7622. This vulnerability CVE-2015-6685 , CVE-2015-6686 , CVE-2015-6693 , CVE-2015-6694 , CVE-2015-7622 ,and CVE-2015-7650 Is a different vulnerability.By the attacker, value Arbitrary code execution, or the denial of service, through the clever use of attributes ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the value attribute. By setting the value attribute to a specially crafted array an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0343 | CVE-2015-6683 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621. This vulnerability CVE-2015-5586 , CVE-2015-6684 , CVE-2015-6687 , CVE-2015-6688 , CVE-2015-6689 , CVE-2015-6690 , CVE-2015-6691 , CVE-2015-7615 , CVE-2015-7617 ,and CVE-2015-7621 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0345 | CVE-2015-6696 | Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6698. This vulnerability CVE-2015-6698 and CVE-2015-8458 Is a different vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within AGM.dll. A specially crafted PDF with multiple layers can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0341 | CVE-2015-6724 | Windows and Mac OS X Run on Adobe Reader and Acrobat of ANSendForApproval In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The ANSendForApproval method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANSendForApproval method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the ANSendForApproval method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0342 | CVE-2015-6725 | Windows and Mac OS X Run on Adobe Reader and Acrobat of ANSendForSharedReview In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANSendForSharedReview method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the ANSendForSharedReview method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0337 | CVE-2015-6720 | Windows and Mac OS X Run on Adobe Reader and Acrobat of ANRunSharedReviewEmailStep In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The ANRunSharedReviewEmailStep method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANRunSharedReviewEmailStep method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the ANRunSharedReviewEmailStep method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0340 | CVE-2015-6723 | Windows and Mac OS X Run on Adobe Reader and Acrobat of ANTrustPropagateAll In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The ANTrustPropagateAll method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANTrustPropagateAll method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the ANTrustPropagateAll method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0339 | CVE-2015-6722 | Windows and Mac OS X Run on Adobe Reader and Acrobat of CBSharedReviewStatusDialog In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The CBSharedReviewStatusDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CBSharedReviewStatusDialog method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the CBSharedReviewStatusDialog method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0338 | CVE-2015-6721 | Windows and Mac OS X Run on Adobe Reader and Acrobat of CBSharedReviewSecurityDialog In the method JavaScript API Vulnerability bypassing execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability is CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 This is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be bypassed. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CBSharedReviewSecurityDialog method. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the CBSharedReviewSecurityDialog method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0336 | CVE-2015-6719 | Windows and Mac OS X Run on Adobe Reader and Acrobat of CBSharedReviewCloseDialog In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6718 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CBSharedReviewCloseDialog method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the CBSharedReviewCloseDialog method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
| VAR-201510-0335 | CVE-2015-6718 | Windows and Mac OS X Run on Adobe Reader and Acrobat of CBSharedReviewIfOfflineDialog In the method JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623. This vulnerability CVE-2015-6707 , CVE-2015-6708 , CVE-2015-6709 , CVE-2015-6710 , CVE-2015-6711 , CVE-2015-6712 , CVE-2015-6713 , CVE-2015-6714 , CVE-2015-6715 , CVE-2015-6716 , CVE-2015-6717 , CVE-2015-6719 , CVE-2015-6720 , CVE-2015-6721 , CVE-2015-6722 , CVE-2015-6723 , CVE-2015-6724 , CVE-2015-6725 , CVE-2015-7614 , CVE-2015-7616 , CVE-2015-7618 , CVE-2015-7619 , CVE-2015-7620 ,and CVE-2015-7623 Is a different vulnerability.By the attacker, JavaScript API Execution restrictions may be avoided. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CBSharedReviewIfOfflineDialog method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Acrobat and Reader are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. A security vulnerability exists in the CBSharedReviewIfOfflineDialog method of several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier