cnvd-2016-00271
Vulnerability from cnvd
Title
Adobe Download Manager可疑搜索路径漏洞
Description
Adobe Download Manager直接与Adobe服务器配合工作, 可帮助控制Adobe Reader、Adobe Acrobat及其他Adobe文件的下载过程。 Adobe Download Manager存在可疑搜索路径漏洞,恶意攻击者构建恶意文件,诱使用户解析,提升权限。
Severity
Patch Name
Adobe Download Manager可疑搜索路径漏洞的补丁
Patch Description
Adobe Download Manager直接与Adobe服务器配合工作, 可帮助控制Adobe Reader、Adobe Acrobat及其他Adobe文件的下载过程。 Adobe Download Manager存在可疑搜索路径漏洞,恶意攻击者构建恶意文件,诱使用户解析,提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://helpx.adobe.com/security/products/acrobat/apsb16-02.html

Reference
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
Impacted products
Name
['Adobe Reader/Acrobat <11.0.14', 'Adobe Acrobat/Acrobat Reader DC Classic <15.006.30119', 'Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) <15.010.20056']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0947"
    }
  },
  "description": "Adobe Download Manager\u76f4\u63a5\u4e0eAdobe\u670d\u52a1\u5668\u914d\u5408\u5de5\u4f5c, \u53ef\u5e2e\u52a9\u63a7\u5236Adobe Reader\u3001Adobe Acrobat\u53ca\u5176\u4ed6Adobe\u6587\u4ef6\u7684\u4e0b\u8f7d\u8fc7\u7a0b\u3002\r\n\r\nAdobe Download Manager\u5b58\u5728\u53ef\u7591\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u6076\u610f\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Independently reported by Vladimir Dubrovin, Eric Lawrence, and KeLiu of Tencent\u0027s Xuanwu LAB",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://helpx.adobe.com/security/products/acrobat/apsb16-02.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00271",
  "openTime": "2016-01-19",
  "patchDescription": "Adobe Download Manager\u76f4\u63a5\u4e0eAdobe\u670d\u52a1\u5668\u914d\u5408\u5de5\u4f5c, \u53ef\u5e2e\u52a9\u63a7\u5236Adobe Reader\u3001Adobe Acrobat\u53ca\u5176\u4ed6Adobe\u6587\u4ef6\u7684\u4e0b\u8f7d\u8fc7\u7a0b\u3002\r\n\r\nAdobe Download Manager\u5b58\u5728\u53ef\u7591\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u6076\u610f\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Download Manager\u53ef\u7591\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Reader/Acrobat \u003c11.0.14",
      "Adobe Acrobat/Acrobat Reader DC Classic \u003c15.006.30119",
      "Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) \u003c15.010.20056"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/acrobat/apsb16-02.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-01-16",
  "title": "Adobe Download Manager\u53ef\u7591\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.