The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Acrobat DC Continuous

computer vulnerability announce CVE-2018-15979

Adobe Acrobat/Reader: privilege escalation via NTLM SSO Hash Theft

Synthesis of the vulnerability

An attacker can bypass restrictions via NTLM SSO Hash Theft of Adobe Acrobat/Reader, in order to escalate his privileges.
Impacted products: Acrobat DC Classic, Acrobat DC Continuous.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet server.
Creation date: 14/11/2018.
Identifiers: APSB18-40, CERTFR-2018-AVI-545, CVE-2018-15979, VIGILANCE-VUL-27767.

Description of the vulnerability

An attacker can bypass restrictions via NTLM SSO Hash Theft of Adobe Acrobat/Reader, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-12799 CVE-2018-12808

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/08/2018.
Identifiers: APSB18-29, CERTFR-2018-AVI-389, CVE-2018-12799, CVE-2018-12808, VIGILANCE-VUL-26983, ZDI-18-958.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-12754 CVE-2018-12755 CVE-2018-12756

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 105.
Creation date: 11/07/2018.
Identifiers: APSB18-21, CERTFR-2018-AVI-331, CVE-2018-12754, CVE-2018-12755, CVE-2018-12756, CVE-2018-12757, CVE-2018-12758, CVE-2018-12760, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12770, CVE-2018-12771, CVE-2018-12772, CVE-2018-12773, CVE-2018-12774, CVE-2018-12776, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12782, CVE-2018-12783, CVE-2018-12784, CVE-2018-12785, CVE-2018-12786, CVE-2018-12787, CVE-2018-12788, CVE-2018-12789, CVE-2018-12790, CVE-2018-12791, CVE-2018-12792, CVE-2018-12793, CVE-2018-12794, CVE-2018-12795, CVE-2018-12796, CVE-2018-12797, CVE-2018-12798, CVE-2018-12802, CVE-2018-12803, CVE-2018-12815, CVE-2018-5009, CVE-2018-5010, CVE-2018-5011, CVE-2018-5012, CVE-2018-5014, CVE-2018-5015, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5020, CVE-2018-5021, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027, CVE-2018-5028, CVE-2018-5029, CVE-2018-5030, CVE-2018-5031, CVE-2018-5032, CVE-2018-5033, CVE-2018-5034, CVE-2018-5035, CVE-2018-5036, CVE-2018-5037, CVE-2018-5038, CVE-2018-5039, CVE-2018-5040, CVE-2018-5041, CVE-2018-5042, CVE-2018-5043, CVE-2018-5044, CVE-2018-5045, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5052, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5057, CVE-2018-5058, CVE-2018-5059, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5064, CVE-2018-5065, CVE-2018-5066, CVE-2018-5067, CVE-2018-5068, CVE-2018-5069, CVE-2018-5070, TALOS-2018-0569, TALOS-2018-0590, TALOS-2018-0592, VIGILANCE-VUL-26675, ZDI-18-1008, ZDI-18-1061, ZDI-18-617, ZDI-18-618, ZDI-18-619, ZDI-18-620, ZDI-18-621, ZDI-18-622, ZDI-18-623, ZDI-18-624, ZDI-18-625, ZDI-18-626, ZDI-18-627, ZDI-18-628, ZDI-18-629, ZDI-18-630, ZDI-18-633, ZDI-18-634, ZDI-18-635, ZDI-18-636, ZDI-18-637, ZDI-18-638, ZDI-18-639, ZDI-18-640, ZDI-18-641, ZDI-18-642, ZDI-18-643, ZDI-18-644, ZDI-18-645, ZDI-18-646, ZDI-18-647, ZDI-18-648, ZDI-18-649, ZDI-18-650, ZDI-18-651, ZDI-18-652, ZDI-18-653, ZDI-18-654, ZDI-18-655, ZDI-18-656, ZDI-18-657, ZDI-18-658, ZDI-18-659, ZDI-18-660, ZDI-18-661, ZDI-18-662, ZDI-18-663, ZDI-18-664, ZDI-18-665, ZDI-18-666, ZDI-18-667, ZDI-18-668, ZDI-18-669, ZDI-18-670, ZDI-18-671, ZDI-18-672, ZDI-18-673, ZDI-18-674, ZDI-18-675, ZDI-18-676, ZDI-18-677, ZDI-18-678, ZDI-18-679, ZDI-18-680, ZDI-18-681, ZDI-18-682, ZDI-18-683, ZDI-18-693, ZDI-18-959.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-12812 CVE-2018-4946 CVE-2018-4947

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 50.
Creation date: 15/05/2018.
Identifiers: APSB18-09, CERTFR-2018-AVI-233, CVE-2018-12812, CVE-2018-4946, CVE-2018-4947, CVE-2018-4948, CVE-2018-4949, CVE-2018-4950, CVE-2018-4951, CVE-2018-4952, CVE-2018-4953, CVE-2018-4954, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4958, CVE-2018-4959, CVE-2018-4960, CVE-2018-4961, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4965, CVE-2018-4966, CVE-2018-4967, CVE-2018-4968, CVE-2018-4969, CVE-2018-4970, CVE-2018-4971, CVE-2018-4972, CVE-2018-4973, CVE-2018-4974, CVE-2018-4975, CVE-2018-4976, CVE-2018-4977, CVE-2018-4978, CVE-2018-4979, CVE-2018-4980, CVE-2018-4981, CVE-2018-4982, CVE-2018-4983, CVE-2018-4984, CVE-2018-4985, CVE-2018-4986, CVE-2018-4987, CVE-2018-4988, CVE-2018-4989, CVE-2018-4990, CVE-2018-4993, CVE-2018-4994, CVE-2018-4995, CVE-2018-4996, TALOS-2018-0517, TALOS-2018-0518, VIGILANCE-VUL-26126, ZDI-18-1092, ZDI-18-574, ZDI-18-575, ZDI-18-576, ZDI-18-594, ZDI-18-595, ZDI-18-597, ZDI-18-598, ZDI-18-599.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-11240 CVE-2017-11250 CVE-2017-11253

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 68.
Creation date: 15/11/2017.
Revisions dates: 26/02/2018, 28/02/2018.
Identifiers: APSB17-36, CERTFR-2017-AVI-414, CVE-2017-11240, CVE-2017-11250, CVE-2017-11253, CVE-2017-11293, CVE-2017-11306, CVE-2017-11307, CVE-2017-11308, CVE-2017-16360, CVE-2017-16361, CVE-2017-16362, CVE-2017-16363, CVE-2017-16364, CVE-2017-16365, CVE-2017-16366, CVE-2017-16367, CVE-2017-16368, CVE-2017-16369, CVE-2017-16370, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16374, CVE-2017-16375, CVE-2017-16376, CVE-2017-16377, CVE-2017-16378, CVE-2017-16379, CVE-2017-16380, CVE-2017-16381, CVE-2017-16382, CVE-2017-16383, CVE-2017-16384, CVE-2017-16385, CVE-2017-16386, CVE-2017-16387, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16391, CVE-2017-16392, CVE-2017-16393, CVE-2017-16394, CVE-2017-16395, CVE-2017-16396, CVE-2017-16397, CVE-2017-16398, CVE-2017-16399, CVE-2017-16400, CVE-2017-16401, CVE-2017-16402, CVE-2017-16403, CVE-2017-16404, CVE-2017-16405, CVE-2017-16406, CVE-2017-16407, CVE-2017-16408, CVE-2017-16409, CVE-2017-16410, CVE-2017-16411, CVE-2017-16412, CVE-2017-16413, CVE-2017-16414, CVE-2017-16415, CVE-2017-16416, CVE-2017-16417, CVE-2017-16418, CVE-2017-16419, CVE-2017-16420, VIGILANCE-VUL-24433, ZDI-17-1011, ZDI-17-1012, ZDI-17-899, ZDI-17-900, ZDI-17-901, ZDI-17-902, ZDI-17-903, ZDI-17-904, ZDI-17-905, ZDI-17-906, ZDI-17-907, ZDI-17-908, ZDI-17-909, ZDI-17-910, ZDI-17-927, ZDI-17-941, ZDI-18-157, ZDI-18-177, ZDI-18-197, ZDI-18-198, ZDI-18-200, ZDI-18-201, ZDI-18-202, ZDI-18-203, ZDI-18-204, ZDI-18-205, ZDI-18-217.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-4872 CVE-2018-4879 CVE-2018-4880

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: privileged access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 44.
Creation date: 14/02/2018.
Revisions dates: 22/02/2018, 26/02/2018, 28/02/2018.
Identifiers: APSB18-02, CERTFR-2018-AVI-082, CVE-2018-4872, CVE-2018-4879, CVE-2018-4880, CVE-2018-4881, CVE-2018-4882, CVE-2018-4883, CVE-2018-4884, CVE-2018-4885, CVE-2018-4886, CVE-2018-4887, CVE-2018-4888, CVE-2018-4889, CVE-2018-4890, CVE-2018-4891, CVE-2018-4892, CVE-2018-4893, CVE-2018-4894, CVE-2018-4895, CVE-2018-4896, CVE-2018-4897, CVE-2018-4898, CVE-2018-4899, CVE-2018-4900, CVE-2018-4901, CVE-2018-4902, CVE-2018-4903, CVE-2018-4904, CVE-2018-4905, CVE-2018-4906, CVE-2018-4907, CVE-2018-4908, CVE-2018-4909, CVE-2018-4910, CVE-2018-4911, CVE-2018-4912, CVE-2018-4913, CVE-2018-4914, CVE-2018-4915, CVE-2018-4916, CVE-2018-4917, CVE-2018-4918, CVE-2018-4997, CVE-2018-4998, CVE-2018-4999, TALOS-2017-0505, VIGILANCE-VUL-25291, ZDI-18-168, ZDI-18-169, ZDI-18-170, ZDI-18-171, ZDI-18-172, ZDI-18-173, ZDI-18-174, ZDI-18-175, ZDI-18-176, ZDI-18-179, ZDI-18-180, ZDI-18-181, ZDI-18-182, ZDI-18-183, ZDI-18-184, ZDI-18-185, ZDI-18-186, ZDI-18-187, ZDI-18-188, ZDI-18-189, ZDI-18-190, ZDI-18-191, ZDI-18-192, ZDI-18-193, ZDI-18-194, ZDI-18-199, ZDI-18-206, ZDI-18-207, ZDI-18-208, ZDI-18-209, ZDI-18-210, ZDI-18-211, ZDI-18-212, ZDI-18-213, ZDI-18-262, ZDI-18-529, ZDI-18-530, ZDI-18-531, ZDI-18-600, ZDI-18-610.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-11209 CVE-2017-11210 CVE-2017-11211

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 67.
Creation date: 09/08/2017.
Identifiers: APSB17-24, CERTFR-2017-AVI-254, CVE-2017-11209, CVE-2017-11210, CVE-2017-11211, CVE-2017-11212, CVE-2017-11214, CVE-2017-11216, CVE-2017-11217, CVE-2017-11218, CVE-2017-11219, CVE-2017-11220, CVE-2017-11221, CVE-2017-11222, CVE-2017-11223, CVE-2017-11224, CVE-2017-11226, CVE-2017-11227, CVE-2017-11228, CVE-2017-11229, CVE-2017-11230, CVE-2017-11231, CVE-2017-11232, CVE-2017-11233, CVE-2017-11234, CVE-2017-11235, CVE-2017-11236, CVE-2017-11237, CVE-2017-11238, CVE-2017-11239, CVE-2017-11241, CVE-2017-11242, CVE-2017-11243, CVE-2017-11244, CVE-2017-11245, CVE-2017-11246, CVE-2017-11248, CVE-2017-11249, CVE-2017-11251, CVE-2017-11252, CVE-2017-11254, CVE-2017-11255, CVE-2017-11256, CVE-2017-11257, CVE-2017-11258, CVE-2017-11259, CVE-2017-11260, CVE-2017-11261, CVE-2017-11262, CVE-2017-11263, CVE-2017-11265, CVE-2017-11267, CVE-2017-11268, CVE-2017-11269, CVE-2017-11270, CVE-2017-11271, CVE-2017-3016, CVE-2017-3038, CVE-2017-3113, CVE-2017-3115, CVE-2017-3116, CVE-2017-3117, CVE-2017-3118, CVE-2017-3119, CVE-2017-3120, CVE-2017-3121, CVE-2017-3122, CVE-2017-3123, CVE-2017-3124, TALOS-2017-0361, VIGILANCE-VUL-23476, ZDI-17-569, ZDI-17-570, ZDI-17-571, ZDI-17-572, ZDI-17-573, ZDI-17-574, ZDI-17-575, ZDI-17-576, ZDI-17-577, ZDI-17-578, ZDI-17-579, ZDI-17-580, ZDI-17-581, ZDI-17-582, ZDI-17-583, ZDI-17-584, ZDI-17-585, ZDI-17-586, ZDI-17-587, ZDI-17-588, ZDI-17-589, ZDI-17-590, ZDI-17-591, ZDI-17-592, ZDI-17-593, ZDI-17-594, ZDI-17-595, ZDI-17-596, ZDI-17-597, ZDI-17-598, ZDI-17-599, ZDI-17-600, ZDI-17-601, ZDI-17-602, ZDI-17-603, ZDI-17-604, ZDI-17-605, ZDI-17-606, ZDI-17-607, ZDI-17-608, ZDI-17-609, ZDI-17-610, ZDI-17-611, ZDI-17-612, ZDI-17-613, ZDI-17-614, ZDI-17-615, ZDI-17-616, ZDI-17-617, ZDI-17-618, ZDI-17-619, ZDI-17-620, ZDI-17-621, ZDI-17-622, ZDI-17-623, ZDI-17-624, ZDI-17-625, ZDI-17-626, ZDI-17-627, ZDI-17-628, ZDI-17-629, ZDI-17-630, ZDI-17-631, ZDI-17-632, ZDI-17-633.

Description of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-3011 CVE-2017-3012 CVE-2017-3013

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 47.
Creation date: 12/04/2017.
Revisions dates: 12/04/2017, 15/05/2017.
Identifiers: APSB17-11, CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065, VIGILANCE-VUL-22421, ZDI-17-249, ZDI-17-250, ZDI-17-251, ZDI-17-252, ZDI-17-253, ZDI-17-254, ZDI-17-255, ZDI-17-256, ZDI-17-257, ZDI-17-258, ZDI-17-259, ZDI-17-260, ZDI-17-261, ZDI-17-262, ZDI-17-263, ZDI-17-264, ZDI-17-265, ZDI-17-266, ZDI-17-267, ZDI-17-268, ZDI-17-269, ZDI-17-270, ZDI-17-271, ZDI-17-272, ZDI-17-273, ZDI-17-274, ZDI-17-275, ZDI-17-276, ZDI-17-277, ZDI-17-280, ZDI-17-281, ZDI-17-282, ZDI-17-335.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-2939 CVE-2017-2940 CVE-2017-2941

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 10/01/2017.
Identifiers: APSB17-01, CERTFR-2017-AVI-005, CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967, CVE-2017-2970, CVE-2017-2971, CVE-2017-2972, CVE-2017-3009, CVE-2017-3010, TALOS-2016-0259, VIGILANCE-VUL-21539, ZDI-17-002, ZDI-17-003, ZDI-17-004, ZDI-17-005, ZDI-17-006, ZDI-17-007, ZDI-17-008, ZDI-17-009, ZDI-17-010, ZDI-17-011, ZDI-17-012, ZDI-17-013, ZDI-17-014, ZDI-17-015, ZDI-17-016, ZDI-17-017, ZDI-17-018, ZDI-17-019, ZDI-17-020, ZDI-17-021, ZDI-17-022, ZDI-17-023, ZDI-17-024, ZDI-17-025, ZDI-17-026, ZDI-17-027, ZDI-17-028, ZDI-17-029, ZDI-17-030, ZDI-17-031, ZDI-17-045, ZDI-17-111, ZDI-17-242.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2962, ZDI-17-026]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2950, ZDI-17-021]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2951, ZDI-17-022]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2955]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2956]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2957]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2958]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2961, ZDI-17-025]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2942]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2945]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2946, ZDI-17-003, ZDI-17-004]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2949, ZDI-17-005, ZDI-17-006, ZDI-17-007, ZDI-17-008, ZDI-17-009, ZDI-17-011, ZDI-17-012, ZDI-17-013, ZDI-17-015, ZDI-17-016, ZDI-17-017, ZDI-17-018, ZDI-17-019, ZDI-17-020, ZDI-17-028, ZDI-17-029]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2959, ZDI-17-023]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2966, ZDI-17-030]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2948]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2952]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2939, ZDI-17-111]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2940]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2941, ZDI-17-002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2943]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2944]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2953]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2954]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2960, ZDI-17-024]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2963, ZDI-17-027]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2964, ZDI-17-014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2965, ZDI-17-010]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2967, ZDI-17-031]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2017-2947]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2970, ZDI-17-045]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2971, TALOS-2016-0259]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-2972]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2017-3009, ZDI-17-242]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-3010]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1089 CVE-2016-1091 CVE-2016-4095

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 75.
Creation date: 12/10/2016.
Identifiers: APSB16-33, CVE-2016-1089, CVE-2016-1091, CVE-2016-4095, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, CVE-2016-7853, CVE-2016-7854, VIGILANCE-VUL-20826, ZDI-16-536, ZDI-16-537, ZDI-16-538, ZDI-16-539, ZDI-16-540, ZDI-16-541, ZDI-16-542, ZDI-16-543, ZDI-16-544, ZDI-16-545, ZDI-16-546, ZDI-16-547, ZDI-16-548, ZDI-16-549, ZDI-16-550, ZDI-16-551, ZDI-16-552, ZDI-16-553, ZDI-16-554, ZDI-16-555, ZDI-16-556, ZDI-16-557, ZDI-16-558, ZDI-16-559, ZDI-16-560, ZDI-16-561, ZDI-16-562, ZDI-16-563, ZDI-16-564, ZDI-16-565, ZDI-16-566, ZDI-16-567, ZDI-16-573.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1089]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1091]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6944, ZDI-16-536]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6945, ZDI-16-537]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6946, ZDI-16-554]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6949]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6952, ZDI-16-559]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6953, ZDI-16-560]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6961, ZDI-16-545]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6962, ZDI-16-546]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6963, ZDI-16-547]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6964, ZDI-16-548]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6965, ZDI-16-549]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6967, ZDI-16-551]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6968, ZDI-16-552]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6969, ZDI-16-563]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6971, ZDI-16-561]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6979, ZDI-16-544]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6988, ZDI-16-556]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6993]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6939]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6994]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6940, ZDI-16-564]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6941, ZDI-16-565]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6942, ZDI-16-553]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6943]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6947, ZDI-16-555]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6948]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6950, ZDI-16-557]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6951, ZDI-16-558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6954]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6955]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6956]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6959, ZDI-16-539]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6960, ZDI-16-540]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6966, ZDI-16-550]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6970]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6972, ZDI-16-566]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6973, ZDI-16-562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6974, ZDI-16-541]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6975, ZDI-16-567]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6976, ZDI-16-542]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6977, ZDI-16-543]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6978, ZDI-16-538]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6995]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6996]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6997]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6998]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7000]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7001]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7003]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7004]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7005]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7006]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7007]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7008]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7009]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7010]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7011]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7012]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7013]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7016]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7017]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7018]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7019]

An attacker can bypass security features via Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2016-6957]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6958]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6999]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7852]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7853]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7854, ZDI-16-573]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4095]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Acrobat DC Continuous: