Vulnerability CVE-2016-0947


Published: 2016-01-14   Modified: 2016-12-07

Description:
Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.

Vendor: Adobe
Product: Acrobat dc 
Version: 15.009.20077; 15.006.30097;
Product: Acrobat reader dc 
Version: 15.009.20077; 15.006.30097;
Product: Acrobat 
Version:
11.0.9
11.0.8
11.0.7
11.0.6
11.0.5
11.0.4
11.0.3
11.0.2
11.0.13
11.0.12
11.0.11
11.0.10
11.0.1
11.0.0
Product: Acrobat reader 
Version:
11.0.9
11.0.8
11.0.7
11.0.6
11.0.5
11.0.4
11.0.3
11.0.2
11.0.13
11.0.12
11.0.11
11.0.10
11.0.1
11.0.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1034646
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html

Related CVE
CVE-2017-3103
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
CVE-2017-3102
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
CVE-2017-3101
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
CVE-2016-0959
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Int...
CVE-2015-0955
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 6.1.0.
CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
CVE-2017-3096
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3097
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code executio...

Copyright 2017, cxsecurity.com