The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Acrobat

vulnerability bulletin CVE-2017-11240 CVE-2017-11250 CVE-2017-11253

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 68.
Creation date: 15/11/2017.
Revisions dates: 26/02/2018, 28/02/2018.
Identifiers: APSB17-36, CERTFR-2017-AVI-414, CVE-2017-11240, CVE-2017-11250, CVE-2017-11253, CVE-2017-11293, CVE-2017-11306, CVE-2017-11307, CVE-2017-11308, CVE-2017-16360, CVE-2017-16361, CVE-2017-16362, CVE-2017-16363, CVE-2017-16364, CVE-2017-16365, CVE-2017-16366, CVE-2017-16367, CVE-2017-16368, CVE-2017-16369, CVE-2017-16370, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16374, CVE-2017-16375, CVE-2017-16376, CVE-2017-16377, CVE-2017-16378, CVE-2017-16379, CVE-2017-16380, CVE-2017-16381, CVE-2017-16382, CVE-2017-16383, CVE-2017-16384, CVE-2017-16385, CVE-2017-16386, CVE-2017-16387, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16391, CVE-2017-16392, CVE-2017-16393, CVE-2017-16394, CVE-2017-16395, CVE-2017-16396, CVE-2017-16397, CVE-2017-16398, CVE-2017-16399, CVE-2017-16400, CVE-2017-16401, CVE-2017-16402, CVE-2017-16403, CVE-2017-16404, CVE-2017-16405, CVE-2017-16406, CVE-2017-16407, CVE-2017-16408, CVE-2017-16409, CVE-2017-16410, CVE-2017-16411, CVE-2017-16412, CVE-2017-16413, CVE-2017-16414, CVE-2017-16415, CVE-2017-16416, CVE-2017-16417, CVE-2017-16418, CVE-2017-16419, CVE-2017-16420, VIGILANCE-VUL-24433, ZDI-17-1011, ZDI-17-1012, ZDI-17-899, ZDI-17-900, ZDI-17-901, ZDI-17-902, ZDI-17-903, ZDI-17-904, ZDI-17-905, ZDI-17-906, ZDI-17-907, ZDI-17-908, ZDI-17-909, ZDI-17-910, ZDI-17-927, ZDI-17-941, ZDI-18-157, ZDI-18-177, ZDI-18-197, ZDI-18-198, ZDI-18-200, ZDI-18-201, ZDI-18-202, ZDI-18-203, ZDI-18-204, ZDI-18-205, ZDI-18-217.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-11209 CVE-2017-11210 CVE-2017-11211

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 67.
Creation date: 09/08/2017.
Identifiers: APSB17-24, CERTFR-2017-AVI-254, CVE-2017-11209, CVE-2017-11210, CVE-2017-11211, CVE-2017-11212, CVE-2017-11214, CVE-2017-11216, CVE-2017-11217, CVE-2017-11218, CVE-2017-11219, CVE-2017-11220, CVE-2017-11221, CVE-2017-11222, CVE-2017-11223, CVE-2017-11224, CVE-2017-11226, CVE-2017-11227, CVE-2017-11228, CVE-2017-11229, CVE-2017-11230, CVE-2017-11231, CVE-2017-11232, CVE-2017-11233, CVE-2017-11234, CVE-2017-11235, CVE-2017-11236, CVE-2017-11237, CVE-2017-11238, CVE-2017-11239, CVE-2017-11241, CVE-2017-11242, CVE-2017-11243, CVE-2017-11244, CVE-2017-11245, CVE-2017-11246, CVE-2017-11248, CVE-2017-11249, CVE-2017-11251, CVE-2017-11252, CVE-2017-11254, CVE-2017-11255, CVE-2017-11256, CVE-2017-11257, CVE-2017-11258, CVE-2017-11259, CVE-2017-11260, CVE-2017-11261, CVE-2017-11262, CVE-2017-11263, CVE-2017-11265, CVE-2017-11267, CVE-2017-11268, CVE-2017-11269, CVE-2017-11270, CVE-2017-11271, CVE-2017-3016, CVE-2017-3038, CVE-2017-3113, CVE-2017-3115, CVE-2017-3116, CVE-2017-3117, CVE-2017-3118, CVE-2017-3119, CVE-2017-3120, CVE-2017-3121, CVE-2017-3122, CVE-2017-3123, CVE-2017-3124, TALOS-2017-0361, VIGILANCE-VUL-23476, ZDI-17-569, ZDI-17-570, ZDI-17-571, ZDI-17-572, ZDI-17-573, ZDI-17-574, ZDI-17-575, ZDI-17-576, ZDI-17-577, ZDI-17-578, ZDI-17-579, ZDI-17-580, ZDI-17-581, ZDI-17-582, ZDI-17-583, ZDI-17-584, ZDI-17-585, ZDI-17-586, ZDI-17-587, ZDI-17-588, ZDI-17-589, ZDI-17-590, ZDI-17-591, ZDI-17-592, ZDI-17-593, ZDI-17-594, ZDI-17-595, ZDI-17-596, ZDI-17-597, ZDI-17-598, ZDI-17-599, ZDI-17-600, ZDI-17-601, ZDI-17-602, ZDI-17-603, ZDI-17-604, ZDI-17-605, ZDI-17-606, ZDI-17-607, ZDI-17-608, ZDI-17-609, ZDI-17-610, ZDI-17-611, ZDI-17-612, ZDI-17-613, ZDI-17-614, ZDI-17-615, ZDI-17-616, ZDI-17-617, ZDI-17-618, ZDI-17-619, ZDI-17-620, ZDI-17-621, ZDI-17-622, ZDI-17-623, ZDI-17-624, ZDI-17-625, ZDI-17-626, ZDI-17-627, ZDI-17-628, ZDI-17-629, ZDI-17-630, ZDI-17-631, ZDI-17-632, ZDI-17-633.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-3011 CVE-2017-3012 CVE-2017-3013

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 47.
Creation date: 12/04/2017.
Revisions dates: 12/04/2017, 15/05/2017.
Identifiers: APSB17-11, CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065, VIGILANCE-VUL-22421, ZDI-17-249, ZDI-17-250, ZDI-17-251, ZDI-17-252, ZDI-17-253, ZDI-17-254, ZDI-17-255, ZDI-17-256, ZDI-17-257, ZDI-17-258, ZDI-17-259, ZDI-17-260, ZDI-17-261, ZDI-17-262, ZDI-17-263, ZDI-17-264, ZDI-17-265, ZDI-17-266, ZDI-17-267, ZDI-17-268, ZDI-17-269, ZDI-17-270, ZDI-17-271, ZDI-17-272, ZDI-17-273, ZDI-17-274, ZDI-17-275, ZDI-17-276, ZDI-17-277, ZDI-17-280, ZDI-17-281, ZDI-17-282, ZDI-17-335.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-2939 CVE-2017-2940 CVE-2017-2941

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 10/01/2017.
Identifiers: APSB17-01, CERTFR-2017-AVI-005, CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967, CVE-2017-2970, CVE-2017-2971, CVE-2017-2972, CVE-2017-3009, CVE-2017-3010, TALOS-2016-0259, VIGILANCE-VUL-21539, ZDI-17-002, ZDI-17-003, ZDI-17-004, ZDI-17-005, ZDI-17-006, ZDI-17-007, ZDI-17-008, ZDI-17-009, ZDI-17-010, ZDI-17-011, ZDI-17-012, ZDI-17-013, ZDI-17-014, ZDI-17-015, ZDI-17-016, ZDI-17-017, ZDI-17-018, ZDI-17-019, ZDI-17-020, ZDI-17-021, ZDI-17-022, ZDI-17-023, ZDI-17-024, ZDI-17-025, ZDI-17-026, ZDI-17-027, ZDI-17-028, ZDI-17-029, ZDI-17-030, ZDI-17-031, ZDI-17-045, ZDI-17-111, ZDI-17-242.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2962, ZDI-17-026]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2950, ZDI-17-021]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2951, ZDI-17-022]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2955]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2956]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2957]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2958]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2961, ZDI-17-025]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2942]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2945]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2946, ZDI-17-003, ZDI-17-004]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2949, ZDI-17-005, ZDI-17-006, ZDI-17-007, ZDI-17-008, ZDI-17-009, ZDI-17-011, ZDI-17-012, ZDI-17-013, ZDI-17-015, ZDI-17-016, ZDI-17-017, ZDI-17-018, ZDI-17-019, ZDI-17-020, ZDI-17-028, ZDI-17-029]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2959, ZDI-17-023]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2966, ZDI-17-030]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2948]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2952]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2939, ZDI-17-111]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2940]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2941, ZDI-17-002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2943]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2944]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2953]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2954]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2960, ZDI-17-024]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2963, ZDI-17-027]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2964, ZDI-17-014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2965, ZDI-17-010]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2967, ZDI-17-031]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2017-2947]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2970, ZDI-17-045]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2971, TALOS-2016-0259]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2972]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2017-3009, ZDI-17-242]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-3010]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1089 CVE-2016-1091 CVE-2016-4095

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 75.
Creation date: 12/10/2016.
Identifiers: APSB16-33, CVE-2016-1089, CVE-2016-1091, CVE-2016-4095, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, CVE-2016-7853, CVE-2016-7854, VIGILANCE-VUL-20826, ZDI-16-536, ZDI-16-537, ZDI-16-538, ZDI-16-539, ZDI-16-540, ZDI-16-541, ZDI-16-542, ZDI-16-543, ZDI-16-544, ZDI-16-545, ZDI-16-546, ZDI-16-547, ZDI-16-548, ZDI-16-549, ZDI-16-550, ZDI-16-551, ZDI-16-552, ZDI-16-553, ZDI-16-554, ZDI-16-555, ZDI-16-556, ZDI-16-557, ZDI-16-558, ZDI-16-559, ZDI-16-560, ZDI-16-561, ZDI-16-562, ZDI-16-563, ZDI-16-564, ZDI-16-565, ZDI-16-566, ZDI-16-567, ZDI-16-573.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1089]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1091]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6944, ZDI-16-536]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6945, ZDI-16-537]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6946, ZDI-16-554]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6949]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6952, ZDI-16-559]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6953, ZDI-16-560]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6961, ZDI-16-545]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6962, ZDI-16-546]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6963, ZDI-16-547]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6964, ZDI-16-548]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6965, ZDI-16-549]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6967, ZDI-16-551]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6968, ZDI-16-552]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6969, ZDI-16-563]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6971, ZDI-16-561]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6979, ZDI-16-544]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6988, ZDI-16-556]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6993]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6939]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6994]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6940, ZDI-16-564]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6941, ZDI-16-565]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6942, ZDI-16-553]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6943]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6947, ZDI-16-555]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6948]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6950, ZDI-16-557]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6951, ZDI-16-558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6954]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6955]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6956]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6959, ZDI-16-539]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6960, ZDI-16-540]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6966, ZDI-16-550]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6970]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6972, ZDI-16-566]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6973, ZDI-16-562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6974, ZDI-16-541]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6975, ZDI-16-567]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6976, ZDI-16-542]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6977, ZDI-16-543]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6978, ZDI-16-538]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6995]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6996]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6997]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6998]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7000]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7001]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7003]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7004]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7005]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7006]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7007]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7008]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7009]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7010]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7011]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7012]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7013]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7016]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7017]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7018]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7019]

An attacker can bypass security features via Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2016-6957]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6958]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6999]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7852]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7853]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7854, ZDI-16-573]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4095]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-4191 CVE-2016-4192 CVE-2016-4193

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 38.
Creation date: 12/07/2016.
Revision date: 19/09/2016.
Identifiers: APSB16-26, CERTFR-2016-AVI-233, COSIG-2016-24, COSIG-2016-25, COSIG-2016-26, COSIG-2016-27, COSIG-2016-28, COSIG-2016-29, COSIG-2016-30, CVE-2016-4189-ERROR, CVE-2016-4190-ERROR, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4255, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937, CVE-2016-6938, VIGILANCE-VUL-20078, ZDI-16-414, ZDI-16-415, ZDI-16-416, ZDI-16-417, ZDI-16-418, ZDI-16-419, ZDI-16-420, ZDI-16-421, ZDI-16-422, ZDI-16-423, ZDI-16-488, ZDI-16-489, ZDI-16-490, ZDI-16-491, ZDI-16-492, ZDI-16-493, ZDI-16-574, ZDI-16-591.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4210]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4190-ERROR, CVE-2016-4255, ZDI-16-420]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4209]

An attacker can bypass security features via Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2016-4215]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4189-ERROR, CVE-2016-4254]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4191, ZDI-16-423]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4192]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4193]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4194]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4195, ZDI-16-418]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4196, ZDI-16-416]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4197, ZDI-16-415]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4198, ZDI-16-422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4199, ZDI-16-417]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4200, ZDI-16-419]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-24, CVE-2016-4201]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4202, ZDI-16-414]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-28, CVE-2016-4203]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-29, CVE-2016-4204]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-30, CVE-2016-4205]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-25, CVE-2016-4206]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-26, CVE-2016-4207]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-27, CVE-2016-4208]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4211]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4212]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4213]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4214]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4250]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4251, ZDI-16-421]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4252]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4265, ZDI-16-488]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4266, ZDI-16-489]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4267, ZDI-16-490]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4268, ZDI-16-491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4269, ZDI-16-492]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4270, ZDI-16-493]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6937, ZDI-16-574]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6938, ZDI-16-591]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-8452 CVE-2014-9160 CVE-2014-9161

Adobe Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Reader.
Impacted products: Acrobat.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 12/05/2015.
Revision date: 07/06/2016.
Identifiers: 258, APSB15-10, CERTFR-2015-AVI-227, CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076, VIGILANCE-VUL-16882, ZDI-15-195, ZDI-15-196, ZDI-15-197, ZDI-15-198, ZDI-15-199, ZDI-15-200, ZDI-15-201, ZDI-15-202, ZDI-15-203, ZDI-15-204, ZDI-15-205, ZDI-15-206, ZDI-15-207, ZDI-15-208, ZDI-15-209, ZDI-15-210, ZDI-15-211, ZDI-15-212, ZDI-15-213, ZDI-15-214, ZDI-15-215.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3053, ZDI-15-215]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3054, ZDI-15-214]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3055, ZDI-15-213]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3059, ZDI-15-212]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3075]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9160]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3048]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9161, ZDI-15-199]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3046]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3049]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3050]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3051]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3056, ZDI-15-209]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3057, ZDI-15-210]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3070]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3076]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-3058, ZDI-15-211]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3060, ZDI-15-208]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3061, ZDI-15-206]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3062, ZDI-15-207]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3063, ZDI-15-203]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3064, ZDI-15-204]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3065]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3066, ZDI-15-200]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3067, ZDI-15-201]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3068, ZDI-15-202]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3069, ZDI-15-205]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3071, ZDI-15-195]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3072, ZDI-15-196]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3073, ZDI-15-197]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3074, ZDI-15-198]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-3047]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8452]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-1037 CVE-2016-1038 CVE-2016-1039

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 93.
Creation date: 10/05/2016.
Identifiers: APSB16-14, CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107, CVE-2016-4119, Version PDF, VIGILANCE-VUL-19573, ZDI-16-285, ZDI-16-286, ZDI-16-287, ZDI-16-288, ZDI-16-289, ZDI-16-290, ZDI-16-291, ZDI-16-292, ZDI-16-293, ZDI-16-294, ZDI-16-295, ZDI-16-296, ZDI-16-297, ZDI-16-298, ZDI-16-299, ZDI-16-300, ZDI-16-301, ZDI-16-302, ZDI-16-303, ZDI-16-304, ZDI-16-305, ZDI-16-306, ZDI-16-307, ZDI-16-308, ZDI-16-309, ZDI-16-310, ZDI-16-311, ZDI-16-312, ZDI-16-313, ZDI-16-315, ZDI-16-316, ZDI-16-317, ZDI-16-318, ZDI-16-319, ZDI-16-320, ZDI-16-321, ZDI-16-322, ZDI-16-323, ZDI-16-324, ZDI-16-325, ZDI-16-326, ZDI-16-327, ZDI-16-328, ZDI-16-329, ZDI-16-359.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1045, ZDI-16-293]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1046, ZDI-16-294]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1047, ZDI-16-295]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1048, ZDI-16-296]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1049, ZDI-16-297]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1050, ZDI-16-298]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1051, ZDI-16-299]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1052, ZDI-16-300]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1053, ZDI-16-301]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1054, ZDI-16-302]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1055, ZDI-16-303]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1056, ZDI-16-304]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1057, ZDI-16-305]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1058, ZDI-16-306]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1059, ZDI-16-307]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1060, ZDI-16-308]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1061, ZDI-16-309]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1065, ZDI-16-312]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1066, ZDI-16-313]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1067, ZDI-16-315]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1068, ZDI-16-316]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1069, ZDI-16-317]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1070, ZDI-16-318]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1075, ZDI-16-323]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1094, ZDI-16-328, ZDI-16-359]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1121]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1122]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4102]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4107]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4091]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4092]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1037]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1063, ZDI-16-311]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1064]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1071, ZDI-16-319]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1072, ZDI-16-320]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1073, ZDI-16-321]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1074, ZDI-16-322]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1076, ZDI-16-324]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1077]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1078, ZDI-16-325]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1080, ZDI-16-327]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1081]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1082]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1083]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1084]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1085]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1086]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1088]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1093]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1095, ZDI-16-329]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1116]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1118]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1119]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1120]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1124]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1125]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1126]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1128]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1129]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4088]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4089]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4090]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4093]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4094]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4096]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4097]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4098]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4099]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4100]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4101]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4103]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4104]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4105]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1043, ZDI-16-286]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-1079, ZDI-16-326]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-1092]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-1112]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1038, ZDI-16-292]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1039, ZDI-16-290]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1040, ZDI-16-289]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1041, ZDI-16-288]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1042, ZDI-16-287]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1044, ZDI-16-291]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1062, ZDI-16-310]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1117, ZDI-16-285]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-1087]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-1090]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-4106]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4119]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-1007 CVE-2016-1008 CVE-2016-1009

Adobe Reader/Acrobat: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Reader/Acrobat.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2016.
Identifiers: APSB16-09, CERTFR-2016-AVI-085, CVE-2016-1007, CVE-2016-1008, CVE-2016-1009, VIGILANCE-VUL-19120, ZDI-16-189, ZDI-16-190, ZDI-16-191.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader/Acrobat.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1007, ZDI-16-189]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1009, ZDI-16-191]

An attacker can use a vulnerability, in order to run code. [severity:3/4; CVE-2016-1008, ZDI-16-190]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0931 CVE-2016-0932 CVE-2016-0933

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 12/01/2016.
Identifiers: APSB16-02, CERTFR-2016-AVI-019, CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947, CVE-2016-1111, VIGILANCE-VUL-18696, ZDI-16-008, ZDI-16-009, ZDI-16-010, ZDI-16-011, ZDI-16-012, ZDI-16-013, ZDI-16-014, ZDI-16-015, ZDI-16-016, ZDI-16-017, ZDI-16-273.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0932, ZDI-16-008]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0934, ZDI-16-016]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0937, ZDI-16-011]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0940]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0941, ZDI-16-010]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0935, ZDI-16-017]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0931, ZDI-16-009]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0933]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0936, ZDI-16-014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0938, ZDI-16-013]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0939, ZDI-16-015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0942]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0944]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0945]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0946]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2016-0943, ZDI-16-012]

An attacker can use a vulnerability in Adobe Download Manager, in order to run code. [severity:3/4; CVE-2016-0947]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1111, ZDI-16-273]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Acrobat: