The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability announcement: CVE-2014-8452, CVE-2014-9160, CVE-2014-9161

Adobe Reader: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Reader.
Impacted software: Acrobat.
Severity of this computer vulnerability: 3/4.
Consequences of a hack: user access/rights, denial of service on client.
Attacker's origin: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 12/05/2015.
Revision date: 07/06/2016.
References of this announcement: 258, APSB15-10, CERTFR-2015-AVI-227, CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076, VIGILANCE-VUL-16882, ZDI-15-195, ZDI-15-196, ZDI-15-197, ZDI-15-198, ZDI-15-199, ZDI-15-200, ZDI-15-201, ZDI-15-202, ZDI-15-203, ZDI-15-204, ZDI-15-205, ZDI-15-206, ZDI-15-207, ZDI-15-208, ZDI-15-209, ZDI-15-210, ZDI-15-211, ZDI-15-212, ZDI-15-213, ZDI-15-214, ZDI-15-215.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3053, ZDI-15-215]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3054, ZDI-15-214]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3055, ZDI-15-213]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3059, ZDI-15-212]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3075]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9160]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3048]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9161, ZDI-15-199]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3046]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3049]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3050]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3051]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3056, ZDI-15-209]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3057, ZDI-15-210]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3070]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3076]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-3058, ZDI-15-211]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3060, ZDI-15-208]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3061, ZDI-15-206]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3062, ZDI-15-207]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3063, ZDI-15-203]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3064, ZDI-15-204]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3065]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3066, ZDI-15-200]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3067, ZDI-15-201]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3068, ZDI-15-202]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3069, ZDI-15-205]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3071, ZDI-15-195]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3072, ZDI-15-196]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3073, ZDI-15-197]

An attacker can bypass restrictions of the JavaScript API, in order to escalate his privileges. [severity:2/4; CVE-2015-3074, ZDI-15-198]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-3047]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8452]