VARIoT IoT vulnerabilities database
| VAR-201505-0416 | CVE-2015-3049 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0415 | CVE-2015-3048 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors. Adobe Reader and Acrobat are prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions.
The affected products are:
Adobe Reader 11.x versions prior to 11.0.11
Adobe Reader 10.x versions prior to 10.1.14
Adobe Acrobat 11.x versions prior to 11.0.11
Adobe Acrobat 10.x versions prior to 10.1.14. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool
| VAR-201505-0414 | CVE-2015-3047 | Windows and Mac OS X Run on Adobe Reader and Acrobat Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlDenial of service by attacker (NULL Pointer dereference ) There is a possibility of being put into a state. Adobe Acrobat and Reader are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the denial-of-service condition. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (memory corruption). The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0413 | CVE-2015-3046 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0314 | CVE-2015-3063 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the app.Monitors().select method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0313 | CVE-2015-3062 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AFExactMatch method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0312 | CVE-2015-3061 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ANMatchString method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0311 | CVE-2015-3074 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3073. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 and CVE-2015-3073 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ScriptBridgeUtils. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0310 | CVE-2015-3073 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within AFParseDate. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0309 | CVE-2015-3072 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ADBCAnnotEnumerator. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0308 | CVE-2015-3056 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within Line Annotations. A specially crafted Line Annotation can force Adobe Acrobat Reader to read memory past the end of an allocated object. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0307 | CVE-2015-3055 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075. This vulnerability CVE-2015-3053 , CVE-2015-3054 , CVE-2015-3059 ,and CVE-2015-3075 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Fields. A specially crafted PDF with specific Fields embedded can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0306 | CVE-2015-3054 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075. This vulnerability CVE-2015-3053 , CVE-2015-3055 , CVE-2015-3059 ,and CVE-2015-3075 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the WillSave document action. A specially crafted WillSave document action can force a dangling pointer to be reused after it has been freed. Adobe Reader and Acrobat are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0305 | CVE-2015-3053 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075. This vulnerability CVE-2015-3054 , CVE-2015-3055 , CVE-2015-3059 ,and CVE-2015-3075 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the Close page action. A specially crafted Close page action can force a dangling pointer to be reused after it has been freed. Adobe Reader and Acrobat are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0304 | CVE-2015-3052 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0303 | CVE-2015-3051 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0302 | CVE-2015-3050 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0301 | CVE-2015-3067 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3066 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the DynamicAnnotStore enumerate method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0300 | CVE-2015-3066 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3065 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the SharedReviewDocCenterInitiator onError event. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier
| VAR-201505-0299 | CVE-2015-3065 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. This vulnerability CVE-2015-3060 , CVE-2015-3061 , CVE-2015-3062 , CVE-2015-3063 , CVE-2015-3064 , CVE-2015-3066 , CVE-2015-3067 , CVE-2015-3068 , CVE-2015-3069 , CVE-2015-3071 , CVE-2015-3072 , CVE-2015-3073 and CVE-2015-3074 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, JavaScript API May limit the execution limit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Matrix2D transform method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to multiple security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier