Vulnerability CVE-2016-1007


Published: 2016-03-09   Modified: 2016-03-14

Description:
Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.

See advisories in our WLB2 database:
Topic
Author
Date
High
SwiftMailer Remote Code Execution
Dawid Golunski
30.12.2016
High
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
PwnScriptum
04.01.2017
High
WordPress Core 4.6 Unauthenticated Remote Code Execution Full Advisory
Dawid Golunski
05.05.2017
High
Vanilla Forums <= 2.3 Remote Code Execution (RCE) PoC Exploit 0day
Dawid Golunski
12.05.2017

Vendor: Adobe
Product: Acrobat dc 
Version: 15.010.20059; 15.006.30119;
Product: Acrobat reader dc 
Version: 15.010.20059; 15.006.30119;
Product: Acrobat 
Version: 11.0.14;
Product: Acrobat reader 
Version: 11.0.14;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://helpx.adobe.com/security/products/acrobat/apsb16-09.html

Related CVE
CVE-2017-3073
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3074
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3071
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3072
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3069
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3070
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3068
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3067
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.

Copyright 2017, cxsecurity.com