Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 use after free

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 (Document Reader Software) and classified as critical. This vulnerability affects an unknown functionality. Upgrading to version 11.0.18, 15.006.30243 or 15.020.20039 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

Field | 04/07/2017 11:07 AM | 09/23/2022 02:15 PM | 09/23/2022 02:18 PM
date | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) | 1475712000 (10/06/2016)
location | Website | Website | Website
type | Security Bulletin | Security Bulletin | Security Bulletin
url | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
identifier | APSB16-33 | APSB16-33 | APSB16-33
disputed | 0 | 0 | 0
freeformde | Das Hersteller-Advisory zeigt auf, dass es eigentlich am 06. Oktober 2016 veröffentlicht wurde. Es macht aber den Anschein, dass dies erst im Zuge des 11. Oktober 2016 geschehen ist. | Das Hersteller-Advisory zeigt auf, dass es eigentlich am 06. Oktober 2016 veröffentlicht wurde. Es macht aber den Anschein, dass dies erst im Zuge des 11. Oktober 2016 geschehen ist. | Das Hersteller-Advisory zeigt auf, dass es eigentlich am 06. Oktober 2016 veröffentlicht wurde. Es macht aber den Anschein, dass dies erst im Zuge des 11. Oktober 2016 geschehen ist.
freeformen | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public. | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public. | The vendor advisory states that the initial disclosure was October 6, 2016. But it appears that the advisory got released on October 11, 2016 to the public.
price_0day | $25k-$100k | $25k-$100k | $25k-$100k
name | Upgrade | Upgrade | Upgrade
date | 1475712000 (10/06/2016) | 1475712000 (10/06/2016) | 1475712000 (10/06/2016)
upgrade_version | 11.0.18/15.006.30243/15.020.20039 | 11.0.18/15.006.30243/15.020.20039 | 11.0.18/15.006.30243/15.020.20039
cve | CVE-2016-6979 | CVE-2016-6979 | CVE-2016-6979
cve_nvd_published | 1476316800 | 1476316800 | 1476316800
securityfocus_title | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities | Adobe Acrobat and Reader APSB16-33 Use-After-Free Multiple Remote Code Execution Vulnerabilities
sectracker | 1036986 | 1036986 | 1036986
sectracker_date | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) | 1476144000 (10/11/2016)
sectracker_title | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code | Adobe Acrobat/Reader Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code
sectracker_cause | Access control error | Access control error | Access control error
nessus_id | 94074 | 94074 | 94074
nessus_name | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS) | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS) | Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33) (macOS)
nessus_filename | macosx_adobe_reader_apsb16-33.nasl | macosx_adobe_reader_apsb16-33.nasl | macosx_adobe_reader_apsb16-33.nasl
nessus_family | MacOS X Local Security Checks | MacOS X Local Security Checks | MacOS X Local Security Checks
openvas_id | 861284 | 861284 | 861284
openvas_filename | gb_adobe_acrobat_apsb16-33_macosx.nasl | gb_adobe_acrobat_apsb16-33_macosx.nasl | gb_adobe_acrobat_apsb16-33_macosx.nasl
openvas_title | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X | Adobe Acrobat Security Updates(apsb16-33)-MAC OS X
openvas_family | General | General | General
seealso | 92615 92616 92617 92618 92619 92620 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645 | 92615 92616 92617 92618 92619 92620 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645 | 92615 92616 92617 92618 92619 92620 92621 92622 92623 92624 92625 92626 92627 92628 92629 92630 92631 92633 92634 92635 92636 92637 92638 92639 92640 92641 92642 92643 92644 92645
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | C | C | C
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
cvss3_nvd_basescore | 9.8 | 9.8 | 9.8
type | Document Reader Software | Document Reader Software | Document Reader Software
vendor | Adobe | Adobe | Adobe
name | Acrobat Reader | Acrobat Reader | Acrobat Reader
version | <=11.0.17/15.006.30201/15.017.20053 | <=11.0.17/15.006.30201/15.017.20053 | <=11.0.17/15.006.30201/15.017.20053
cwe | 416 (use after free) | 416 (use after free) | 416 (use after free)
risk | 2 | 2 | 2
historic | 0 | 0 | 0
cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8
cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | M | M | M
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | P | P | P
cvss2_nvd_av | N | N | N
cvss2_nvd_ac | L | L | L
cvss2_nvd_au | N | N | N
cvss2_nvd_ci | C | C | C
cvss2_nvd_ii | C | C | C
cvss2_nvd_ai | C | C | C
cvss3_meta_basescore | 8.0 | 8.0 | 8.0
cvss3_meta_tempscore | 7.7 | 7.9 | 7.9
cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3
cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | L | L | L
cvss3_nvd_ac | L | L | L
cvss3_nvd_pr | N | N | N
cvss3_nvd_ui | N | N | N
cvss3_nvd_s | U | U | U
cvss3_nvd_c | H | H | H
cvss3_nvd_i | H | H | H
cvss3_nvd_a | H | H | H
person_name | AbdulAziz Hariri | AbdulAziz Hariri | AbdulAziz Hariri
company_name | Zero Day Initiative | Zero Day Initiative | Zero Day Initiative
confirm_url | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html | https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
cve_assigned | 1471910400 (08/23/2016) | 1471910400 (08/23/2016) | 1471910400 (08/23/2016)
securityfocus | 93491 | 93491 | 93491
securityfocus_date | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) | 1476144000 (10/11/2016)
securityfocus_class | Unknown | Unknown | Unknown
cvss3_nvd_av | N | N | N
cve_nvd_summary | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993. | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993.
cvss2_nvd_basescore | 10.0 | 10.0
nessus_risk | Critical
