Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 use after free

A vulnerability classified as critical was found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 (Document Reader Software). This vulnerability affects an unknown part. Upgrading to version 11.0.18, 15.006.30243 or 15.020.20039 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 10/13/2016 09:51 AM | 04/07/2017 11:06 AM | 09/23/2022 12:21 PM |
| --- | --- | --- | --- |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) |
| location | Website | Website | Website |
| type | Security Bulletin | Security Bulletin | Security Bulletin |
| url | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html |
| identifier | APSB16-33 | APSB16-33 | APSB16-33 |
| disputed | 0 | 0 | 0 |
| freeformde | The vendor advisory indicates that it was actually published on October 6, 2016. However, it appears that this only happened on October 11, 2016. | The vendor advisory indicates that it was actually published on October 6, 2016. However, it appears that this only happened on October 11, 2016. | The vendor advisory indicates that it was actually published on October 6, 2016. However, it appears that this only happened on October 11, 2016. |
| freeformen | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public. | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public. | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public. |
| price_0day | $25k-$100k | $25k-$100k | $25k-$100k |
| name | Upgrade | Upgrade | Upgrade |
| date | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) |
| upgrade_version | 11.0.18/15.006.30243/15.020.20039 | 11.0.18/15.006.30243/15.020.20039 | 11.0.18/15.006.30243/15.020.20039 |
| cve | CVE-2016-6949 | CVE-2016-6949 | CVE-2016-6949 |
| cve_nvd_published | 1476316800 | 1476316800 | 1476316800 |
| securityfocus | 93491 | 93491 | 93491 |
| securityfocus_title | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities |
| sectracker | 1036986 | 1036986 | 1036986 |
| sectracker_date | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) |
| sectracker_title | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code |
| sectracker_cause | Access control error | Access control error | Access control error |
| nessus_id | 94074 | 94074 | 94074 |
| nessus_name | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS) | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS) | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS) |
| nessus_filename | macosx_adobe_reader_apsb16-33.nasl | macosx_adobe_reader_apsb16-33.nasl | macosx_adobe_reader_apsb16-33.nasl |
| nessus_family | MacOS X Local Security Checks | MacOS X Local Security Checks | MacOS X Local Security Checks |
| openvas_id | 861284 | 861284 | 861284 |
| openvas_filename | gb_adobe_acrobat_apsb16-33_macosx.nasl | gb_adobe_acrobat_apsb16-33_macosx.nasl | gb_adobe_acrobat_apsb16-33_macosx.nasl |
| openvas_title | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X |
| openvas_family | General | General | General |
| qualys_id | 370154 | 370154 | 370154 |
| qualys_title | Adobe Reader and Acrobat Multiple Vulnerabilities (APSB16-33) | Adobe Reader and Acrobat Multiple Vulnerabilities (APSB16-33) | Adobe Reader and Acrobat Multiple Vulnerabilities (APSB16-33) |
| seealso | 92615 92616 92617 92618 92619 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92632 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645 | 92615 92616 92617 92618 92619 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92632 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645 | 92615 92616 92617 92618 92619 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92632 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 9.8 | 9.8 | 9.8 |
| type | Document Reader Software | Document Reader Software | Document Reader Software |
| vendor | Adobe | Adobe | Adobe |
| name | Acrobat Reader | Acrobat Reader | Acrobat Reader |
| version | <=11.0.17/15.006.30201/15.017.20053 | <=11.0.17/15.006.30201/15.017.20053 | <=11.0.17/15.006.30201/15.017.20053 |
| cwe | 416 (use after free) | 416 (use after free) | 416 (use after free) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | C | C | C |
| cvss2_nvd_ii | C | C | C |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 8.0 | 8.0 | 8.0 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.9 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | H | H |
| person_name | | AbdulAziz Hariri | AbdulAziz Hariri |
| company_name | | Zero Day Initiative | Zero Day Initiative |
| confirm_url | | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html |
| cve_assigned | | 1471910400 (08/23/2016) | 1471910400 (08/23/2016) |
| securityfocus_date | | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) |
| securityfocus_class | | Unknown | Unknown |
| cve_nvd_summary | | | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. |
| cvss2_nvd_basescore | | | 10.0 |
