SecurityTracker.com

Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Acrobat/Reader Multiple Flaws Let Remote Users Execute Arbitrary Code and Bypass Security Restrictions
SecurityTracker Alert ID:  1036281
SecurityTracker URL:  http://securitytracker.com/id/1036281
CVE Reference:   CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4255, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270
Updated:  Aug 29 2016
Original Entry Date:  Jul 12 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 15.016.20045 and prior
Description:   Multiple vulnerabilities were reported in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A memory corruption error may occur [CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270].

An integer overflow may occur [CVE-2016-4210].

A use-after-free memory error may occur [CVE-2016-4255].

A heap buffer overflow may occur [CVE-2016-4209].

A remote user can bypass security restrictions on JavaScript API execution [CVE-2016-4215]. The impact was not disclosed.

Jaanus Kaap of Clarified Security, Ke Liu of Tencent's Xuanwu LAB and Sebastien Morin of COSIG, Kai Lu of Fortinet's FortiGuard Labs, Wei Lei, Sun Zhihao and Liu Yang of Nanyang Technological University (via Trend Micro's Zero Day Initiative), Alex Infuhr and Masato Kinugawa of Cure53, AbdulAziz Hariri (via Trend Micro's Zero Day Initiative), kdot (via Trend Micro's Zero Day Initiative), Stanko Jankovic, Jaanus Kaap of Clarified Security (via Trend Micro's Zero Day Initiative), and Sebastien Morin and Pier-Luc Maltais of COSIG reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

Solution:   The vendor has issued a fix (11.0.17, 15.006.30198, 15.017.20050).

The vendor's advisory is available at:

https://helpx.adobe.com/security/products/acrobat/apsb16-26.html

Vendor URL:  helpx.adobe.com/security/products/acrobat/apsb16-26.html
Cause:   Access control error, Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC