The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Adobe Reader

computer vulnerability alert CVE-2016-1089 CVE-2016-1091 CVE-2016-4095

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 75.
Creation date: 12/10/2016.
Identifiers: APSB16-33, CVE-2016-1089, CVE-2016-1091, CVE-2016-4095, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, CVE-2016-7853, CVE-2016-7854, VIGILANCE-VUL-20826, ZDI-16-536, ZDI-16-537, ZDI-16-538, ZDI-16-539, ZDI-16-540, ZDI-16-541, ZDI-16-542, ZDI-16-543, ZDI-16-544, ZDI-16-545, ZDI-16-546, ZDI-16-547, ZDI-16-548, ZDI-16-549, ZDI-16-550, ZDI-16-551, ZDI-16-552, ZDI-16-553, ZDI-16-554, ZDI-16-555, ZDI-16-556, ZDI-16-557, ZDI-16-558, ZDI-16-559, ZDI-16-560, ZDI-16-561, ZDI-16-562, ZDI-16-563, ZDI-16-564, ZDI-16-565, ZDI-16-566, ZDI-16-567, ZDI-16-573.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1089]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1091]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6944, ZDI-16-536]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6945, ZDI-16-537]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6946, ZDI-16-554]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6949]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6952, ZDI-16-559]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6953, ZDI-16-560]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6961, ZDI-16-545]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6962, ZDI-16-546]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6963, ZDI-16-547]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6964, ZDI-16-548]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6965, ZDI-16-549]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6967, ZDI-16-551]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6968, ZDI-16-552]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6969, ZDI-16-563]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6971, ZDI-16-561]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6979, ZDI-16-544]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6988, ZDI-16-556]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6993]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6939]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6994]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6940, ZDI-16-564]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6941, ZDI-16-565]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6942, ZDI-16-553]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6943]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6947, ZDI-16-555]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6948]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6950, ZDI-16-557]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6951, ZDI-16-558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6954]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6955]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6956]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6959, ZDI-16-539]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6960, ZDI-16-540]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6966, ZDI-16-550]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6970]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6972, ZDI-16-566]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6973, ZDI-16-562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6974, ZDI-16-541]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6975, ZDI-16-567]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6976, ZDI-16-542]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6977, ZDI-16-543]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6978, ZDI-16-538]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6995]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6996]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6997]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6998]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7000]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7001]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7003]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7004]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7005]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7006]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7007]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7008]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7009]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7010]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7011]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7012]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7013]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7016]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7017]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7018]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7019]

An attacker can bypass security features via Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2016-6957]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6958]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6999]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7852]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7853]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7854, ZDI-16-573]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4095]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-4191 CVE-2016-4192 CVE-2016-4193

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 38.
Creation date: 12/07/2016.
Revision date: 19/09/2016.
Identifiers: APSB16-26, CERTFR-2016-AVI-233, COSIG-2016-24, COSIG-2016-25, COSIG-2016-26, COSIG-2016-27, COSIG-2016-28, COSIG-2016-29, COSIG-2016-30, CVE-2016-4189-ERROR, CVE-2016-4190-ERROR, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4255, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937, CVE-2016-6938, VIGILANCE-VUL-20078, ZDI-16-414, ZDI-16-415, ZDI-16-416, ZDI-16-417, ZDI-16-418, ZDI-16-419, ZDI-16-420, ZDI-16-421, ZDI-16-422, ZDI-16-423, ZDI-16-488, ZDI-16-489, ZDI-16-490, ZDI-16-491, ZDI-16-492, ZDI-16-493, ZDI-16-574, ZDI-16-591.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4210]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4190-ERROR, CVE-2016-4255, ZDI-16-420]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4209]

An attacker can bypass security features via Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2016-4215]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4189-ERROR, CVE-2016-4254]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4191, ZDI-16-423]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4192]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4193]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4194]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4195, ZDI-16-418]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4196, ZDI-16-416]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4197, ZDI-16-415]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4198, ZDI-16-422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4199, ZDI-16-417]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4200, ZDI-16-419]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-24, CVE-2016-4201]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4202, ZDI-16-414]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-28, CVE-2016-4203]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-29, CVE-2016-4204]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-30, CVE-2016-4205]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-25, CVE-2016-4206]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-26, CVE-2016-4207]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-27, CVE-2016-4208]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4211]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4212]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4213]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4214]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4250]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4251, ZDI-16-421]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4252]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4265, ZDI-16-488]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4266, ZDI-16-489]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4267, ZDI-16-490]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4268, ZDI-16-491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4269, ZDI-16-492]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4270, ZDI-16-493]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6937, ZDI-16-574]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-6938, ZDI-16-591]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-8452 CVE-2014-9160 CVE-2014-9161

Adobe Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Reader.
Impacted products: Acrobat.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 12/05/2015.
Revision date: 07/06/2016.
Identifiers: 258, APSB15-10, CERTFR-2015-AVI-227, CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076, VIGILANCE-VUL-16882, ZDI-15-195, ZDI-15-196, ZDI-15-197, ZDI-15-198, ZDI-15-199, ZDI-15-200, ZDI-15-201, ZDI-15-202, ZDI-15-203, ZDI-15-204, ZDI-15-205, ZDI-15-206, ZDI-15-207, ZDI-15-208, ZDI-15-209, ZDI-15-210, ZDI-15-211, ZDI-15-212, ZDI-15-213, ZDI-15-214, ZDI-15-215.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3053, ZDI-15-215]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3054, ZDI-15-214]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3055, ZDI-15-213]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3059, ZDI-15-212]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3075]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9160]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3048]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9161, ZDI-15-199]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3046]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3049]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3050]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3051]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3056, ZDI-15-209]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3057, ZDI-15-210]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3070]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3076]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-3058, ZDI-15-211]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3060, ZDI-15-208]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3061, ZDI-15-206]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3062, ZDI-15-207]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3063, ZDI-15-203]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3064, ZDI-15-204]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3065]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3066, ZDI-15-200]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3067, ZDI-15-201]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3068, ZDI-15-202]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3069, ZDI-15-205]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3071, ZDI-15-195]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3072, ZDI-15-196]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3073, ZDI-15-197]

An attacker can bypass restrictions of the Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3074, ZDI-15-198]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-3047]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8452]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-1037 CVE-2016-1038 CVE-2016-1039

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 93.
Creation date: 10/05/2016.
Identifiers: APSB16-14, CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107, CVE-2016-4119, Version PDF, VIGILANCE-VUL-19573, ZDI-16-285, ZDI-16-286, ZDI-16-287, ZDI-16-288, ZDI-16-289, ZDI-16-290, ZDI-16-291, ZDI-16-292, ZDI-16-293, ZDI-16-294, ZDI-16-295, ZDI-16-296, ZDI-16-297, ZDI-16-298, ZDI-16-299, ZDI-16-300, ZDI-16-301, ZDI-16-302, ZDI-16-303, ZDI-16-304, ZDI-16-305, ZDI-16-306, ZDI-16-307, ZDI-16-308, ZDI-16-309, ZDI-16-310, ZDI-16-311, ZDI-16-312, ZDI-16-313, ZDI-16-315, ZDI-16-316, ZDI-16-317, ZDI-16-318, ZDI-16-319, ZDI-16-320, ZDI-16-321, ZDI-16-322, ZDI-16-323, ZDI-16-324, ZDI-16-325, ZDI-16-326, ZDI-16-327, ZDI-16-328, ZDI-16-329, ZDI-16-359.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1045, ZDI-16-293]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1046, ZDI-16-294]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1047, ZDI-16-295]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1048, ZDI-16-296]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1049, ZDI-16-297]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1050, ZDI-16-298]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1051, ZDI-16-299]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1052, ZDI-16-300]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1053, ZDI-16-301]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1054, ZDI-16-302]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1055, ZDI-16-303]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1056, ZDI-16-304]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1057, ZDI-16-305]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1058, ZDI-16-306]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1059, ZDI-16-307]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1060, ZDI-16-308]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1061, ZDI-16-309]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1065, ZDI-16-312]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1066, ZDI-16-313]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1067, ZDI-16-315]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1068, ZDI-16-316]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1069, ZDI-16-317]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1070, ZDI-16-318]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1075, ZDI-16-323]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1094, ZDI-16-328, ZDI-16-359]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1121]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1122]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4102]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4107]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4091]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4092]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1037]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1063, ZDI-16-311]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1064]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1071, ZDI-16-319]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1072, ZDI-16-320]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1073, ZDI-16-321]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1074, ZDI-16-322]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1076, ZDI-16-324]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1077]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1078, ZDI-16-325]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1080, ZDI-16-327]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1081]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1082]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1083]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1084]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1085]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1086]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1088]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1093]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1095, ZDI-16-329]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1116]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1118]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1119]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1120]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1124]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1125]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1126]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1128]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1129]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4088]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4089]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4090]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4093]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4094]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4096]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4097]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4098]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4099]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4100]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4101]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4103]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4104]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4105]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1043, ZDI-16-286]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-1079, ZDI-16-326]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-1092]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-1112]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1038, ZDI-16-292]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1039, ZDI-16-290]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1040, ZDI-16-289]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1041, ZDI-16-288]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1042, ZDI-16-287]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1044, ZDI-16-291]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1062, ZDI-16-310]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1117, ZDI-16-285]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-1087]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-1090]

An attacker can use a vulnerability in Directory Search Path, in order to run code. [severity:3/4; CVE-2016-4106]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4119]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-1007 CVE-2016-1008 CVE-2016-1009

Adobe Reader/Acrobat: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Reader/Acrobat.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2016.
Identifiers: APSB16-09, CERTFR-2016-AVI-085, CVE-2016-1007, CVE-2016-1008, CVE-2016-1009, VIGILANCE-VUL-19120, ZDI-16-189, ZDI-16-190, ZDI-16-191.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader/Acrobat.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1007, ZDI-16-189]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1009, ZDI-16-191]

An attacker can use a vulnerability, in order to run code. [severity:3/4; CVE-2016-1008, ZDI-16-190]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0931 CVE-2016-0932 CVE-2016-0933

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 12/01/2016.
Identifiers: APSB16-02, CERTFR-2016-AVI-019, CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947, CVE-2016-1111, VIGILANCE-VUL-18696, ZDI-16-008, ZDI-16-009, ZDI-16-010, ZDI-16-011, ZDI-16-012, ZDI-16-013, ZDI-16-014, ZDI-16-015, ZDI-16-016, ZDI-16-017, ZDI-16-273.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0932, ZDI-16-008]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0934, ZDI-16-016]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0937, ZDI-16-011]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0940]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0941, ZDI-16-010]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0935, ZDI-16-017]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0931, ZDI-16-009]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0933]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0936, ZDI-16-014]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0938, ZDI-16-013]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0939, ZDI-16-015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0942]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0944]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0945]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0946]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:2/4; CVE-2016-0943, ZDI-16-012]

An attacker can use a vulnerability in Adobe Download Manager, in order to run code. [severity:3/4; CVE-2016-0947]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1111, ZDI-16-273]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-5583 CVE-2015-5586 CVE-2015-6683

Adobe Acrobat, Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat, Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 59.
Creation date: 13/10/2015.
Identifiers: APSB15-24, CERTFR-2015-AVI-427, COSIG-2015-001, CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624, CVE-2015-7650, CVE-2015-7829, CVE-2015-8458, VIGILANCE-VUL-18083, ZDI-15-465, ZDI-15-466, ZDI-15-467, ZDI-15-468, ZDI-15-469, ZDI-15-470, ZDI-15-471, ZDI-15-472, ZDI-15-473, ZDI-15-474, ZDI-15-475, ZDI-15-476, ZDI-15-477, ZDI-15-478, ZDI-15-479, ZDI-15-480, ZDI-15-481, ZDI-15-482, ZDI-15-483, ZDI-15-484, ZDI-15-485, ZDI-15-486, ZDI-15-487, ZDI-15-488, ZDI-15-489, ZDI-15-490, ZDI-15-491, ZDI-15-492, ZDI-15-493, ZDI-15-494, ZDI-15-495, ZDI-15-496, ZDI-15-497, ZDI-15-498, ZDI-15-499, ZDI-15-500, ZDI-15-501, ZDI-15-502, ZDI-15-503, ZDI-15-504, ZDI-15-505, ZDI-15-506, ZDI-15-507, ZDI-15-508, ZDI-15-509, ZDI-15-510, ZDI-15-534, ZDI-15-569, ZDI-15-637.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat, Reader.

An attacker can force a read at an invalid address, in order to trigger a denial of service, or to read data. [severity:2/4; CVE-2015-6692]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6689, ZDI-15-470]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6688, ZDI-15-469]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6690, ZDI-15-474]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7615, ZDI-15-493]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7617, ZDI-15-492]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6687]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6684]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6691]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7621, ZDI-15-508]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5586]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6683]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6696, ZDI-15-569]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6698, ZDI-15-476]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6685, ZDI-15-467]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6693, ZDI-15-473]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6694, ZDI-15-471]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6695, ZDI-15-472]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6686, ZDI-15-466]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7622]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6699, ZDI-15-477]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6700, ZDI-15-478]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6701, ZDI-15-479]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6702, ZDI-15-480]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6703, ZDI-15-481]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6704, ZDI-15-482]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:1/4; CVE-2015-6697, ZDI-15-475]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5583, ZDI-15-468]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-6705]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-6706]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-7624]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6707, ZDI-15-483]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6708, ZDI-15-484]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6709, ZDI-15-486]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6710, ZDI-15-487]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6711, ZDI-15-485]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6712, ZDI-15-488]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7614, ZDI-15-509]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7616, ZDI-15-494]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6716, ZDI-15-507]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6717, ZDI-15-499]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6718, ZDI-15-503]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6719, ZDI-15-504]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6720, ZDI-15-506]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6721, ZDI-15-502]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6722, ZDI-15-501]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6723, ZDI-15-497]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6724, ZDI-15-495]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6725, ZDI-15-505]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7618, ZDI-15-498]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7619, ZDI-15-500]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7620, ZDI-15-496]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-7623, ZDI-15-510]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6713, ZDI-15-489]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6714, ZDI-15-490]

An attacker can bypass security features in Javascript API, in order to escalate his privileges. [severity:3/4; CVE-2015-6715, ZDI-15-491]

An attacker can delete a file, in order to trigger a denial of service. [severity:2/4; CVE-2015-7829, ZDI-15-465]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7650, ZDI-15-534]

An attacker can generate a buffer overflow in AGM, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8458, ZDI-15-637]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2014-0566 CVE-2014-8450 CVE-2015-3095

Adobe Acrobat/Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat/Reader.
Impacted products: Acrobat, Acrobat DC Classic, Acrobat DC Continuous.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 46.
Creation date: 15/07/2015.
Identifiers: APSB15-15, CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115, VIGILANCE-VUL-17365, ZDI-15-303, ZDI-15-304, ZDI-15-305, ZDI-15-306, ZDI-15-307, ZDI-15-308, ZDI-15-309, ZDI-15-310, ZDI-15-311, ZDI-15-312, ZDI-15-313, ZDI-15-314, ZDI-15-315, ZDI-15-316, ZDI-15-317, ZDI-15-318, ZDI-15-319, ZDI-15-320, ZDI-15-321, ZDI-15-322, ZDI-15-323, ZDI-15-324, ZDI-15-368, ZDI-15-369, ZDI-15-370, ZDI-15-371.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat/Reader.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5093, ZDI-15-320]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5096]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5098]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5105]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5087]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5094, ZDI-15-321]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5100, ZDI-15-303]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5102, ZDI-15-307]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5103, ZDI-15-305]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5104, ZDI-15-306]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3095]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5115, ZDI-15-312]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2014-0566]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5107, ZDI-15-371]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-4449]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-4450]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5088]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5089]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5092]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2014-8450]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5110, ZDI-15-368]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4448]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5095, ZDI-15-322]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5099]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5101, ZDI-15-304]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5111, ZDI-15-308]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5113, ZDI-15-323]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5114, ZDI-15-324]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-4446]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-5090, ZDI-15-314]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-5106, ZDI-15-370]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2015-5091, ZDI-15-315]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5097]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5108]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5109, ZDI-15-369]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4435, ZDI-15-316]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4438, ZDI-15-317]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4441, ZDI-15-318]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4445, ZDI-15-313]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4447, ZDI-15-319]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4451]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-4452, ZDI-15-309]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-5085, ZDI-15-310]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-5086, ZDI-15-311]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:1/4; CVE-2015-4443]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:1/4; CVE-2015-4444]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2015-3095

Adobe Reader: unreachable memory reading via CoolType.dll

Synthesis of the vulnerability

An attacker can force a read at an invalid address in CoolType.dll of Adobe Reader, in order to trigger a denial of service.
Impacted products: Acrobat.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: internet client.
Creation date: 13/05/2015.
Identifiers: CVE-2015-3095, VIGILANCE-VUL-16898.

Description of the vulnerability

The Adobe Reader product uses the Type1/CFF CharString interpreter in CoolType.dl to display fonts.

However, it tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in CoolType.dll of Adobe Reader, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-8445 CVE-2014-8446 CVE-2014-8447

Adobe Acrobat, Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Acrobat, Reader.
Impacted products: Acrobat.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 22.
Creation date: 09/12/2014.
Identifiers: APSB14-28, CERTFR-2014-AVI-523, CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9150, CVE-2014-9158, CVE-2014-9159, CVE-2014-9160, CVE-2014-9161, CVE-2014-9165, VIGILANCE-VUL-15762.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Acrobat, Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8454]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8455]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9165]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8457]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8460]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9159]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8449]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8445]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8446]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8447]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8456]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8458]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8459]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-8461]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9158]

An attacker can bypass access restrictions, in order to alter a file. [severity:2/4; CVE-2014-9150]

An attacker can use Javascript API, in order to obtain sensitive information. [severity:2/4; CVE-2014-8448]

An attacker can use Javascript API, in order to obtain sensitive information. [severity:2/4; CVE-2014-8451]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8452]

An attacker can bypass the same origin policy, in order to obtain sensitive information. [severity:2/4; CVE-2014-8453]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9160]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9161]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Adobe Reader: