Vulnerability CVE-2015-3073

Vulnerability CVE-2015-3073

Published: 2015-05-13

Description:

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability	Reigning Shells	28.09.2015
High	Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability Exploit	Reigning Shells	28.09.2015

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Windows
Apple -> Mac os x
Adobe -> Acrobat
Adobe -> Acrobat reader

References:

http://www.securityfocus.com/bid/74604

http://www.securitytracker.com/id/1032284

http://www.zerodayinitiative.com/advisories/ZDI-15-197

https://helpx.adobe.com/security/products/reader/apsb15-10.html

https://www.exploit-db.com/exploits/38344/

Copyright 2024, cxsecurity.com