cvelistv5 - cve-2016-1070

CVE-2016-1070 (GCVE-0-2016-1070)

Vulnerability from cvelistv5

Published

2016-05-11 10:00

Modified

2024-08-05 22:38

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201605-0241

Vulnerability from variot

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the "Share For Comments" feature. In certain conditions the Adobe Acrobat Pro DC "Share For Comments" feature can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0241",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "acrobat dc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.010.20060"
      },
      {
        "model": "reader",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.15"
      },
      {
        "model": "acrobat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.15"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30121"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.010.20060"
      },
      {
        "model": "acrobat dc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30121"
      },
      {
        "model": "acrobat",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "xi desktop  11.0.16   (windows/macintosh)"
      },
      {
        "model": "acrobat dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "classic  15.006.30172   (windows/macintosh)"
      },
      {
        "model": "acrobat dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "continuous track  15.016.20039   (windows/macintosh)"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "classic  15.006.30172   (windows/macintosh)"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "continuous track  15.016.20039   (windows/macintosh)"
      },
      {
        "model": "reader",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "xi desktop  11.0.16   (windows/macintosh)"
      },
      {
        "model": "acrobat pro dc",
        "scope": null,
        "trust": 0.7,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.6,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_dc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_reader_dc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_reader",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AbdulAziz Hariri - HPE Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-1070",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1070",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-1070",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-89502",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1070",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1070",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1070",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-1070",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-269",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-89502",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1070",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1075 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the \"Share For Comments\" feature. In certain conditions the Adobe Acrobat Pro DC \"Share For Comments\" feature can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "BID",
        "id": "90512"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1070",
        "trust": 3.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-318",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "90512",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1035828",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3534",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.1146",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-305",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-306",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-300",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-309",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-303",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-307",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-323",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-302",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-316",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-328",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-359",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-297",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-296",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-299",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-295",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-317",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-298",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-293",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-308",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-313",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-294",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-312",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-315",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-301",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-304",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "db": "BID",
        "id": "90512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "id": "VAR-201605-0241",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:43:06.298000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB16-14",
        "trust": 1.5,
        "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
      },
      {
        "title": "APSB16-14",
        "trust": 0.8,
        "url": "https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html"
      },
      {
        "title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
        "trust": 0.8,
        "url": "http://www.fmworld.net/biz/common/adobe/20160512.html"
      },
      {
        "title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61587"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-318"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/90512"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1035828"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1070"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2016/at160023.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1070"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/topics/?seq=18377"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/render.html?it=34330"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com/products/acrobat.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com"
      },
      {
        "trust": 0.3,
        "url": "http://get.adobe.com/reader/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-293"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-294"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-295"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-296"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-297"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-298"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-299"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-300"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-301"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-302"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-303"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-304"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-305"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-306"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-307"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-308"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-309"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-312"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-313"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-315"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-316"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-317"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-323"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-328"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-359/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46431"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "db": "BID",
        "id": "90512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "db": "BID",
        "id": "90512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "BID",
        "id": "90512"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "date": "2016-05-11T10:59:38.470000",
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-318"
      },
      {
        "date": "2016-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-89502"
      },
      {
        "date": "2016-12-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1070"
      },
      {
        "date": "2016-07-06T14:40:00",
        "db": "BID",
        "id": "90512"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      },
      {
        "date": "2024-11-21T02:45:42.610000",
        "db": "NVD",
        "id": "CVE-2016-1070"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows and  Mac OS X Run on  Adobe Reader and  Acrobat Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002634"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-269"
      }
    ],
    "trust": 0.6
  }
}

ghsa-pg85-gq42-6gf9

Vulnerability from github

Published

2022-05-17 03:36

Modified

2022-05-17 03:36

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1070"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-11T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",
  "id": "GHSA-pg85-gq42-6gf9",
  "modified": "2022-05-17T03:36:44Z",
  "published": "2022-05-17T03:36:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1070"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/90512"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035828"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-1070

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-1070

Aliases

CVE-2016-1070

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1070",
    "description": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",
    "id": "GSD-2016-1070"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1070"
      ],
      "details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",
      "id": "GSD-2016-1070",
      "modified": "2023-12-13T01:21:24.020491Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2016-1070",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "90512",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/90512"
          },
          {
            "name": "1035828",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035828"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-318",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-318"
          },
          {
            "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.010.20060",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.006.30121",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.0.15",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.0.15",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.010.20060",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.006.30121",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-1070"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
            },
            {
              "name": "90512",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/90512"
            },
            {
              "name": "1035828",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035828"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-318",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-318"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-01T03:04Z",
      "publishedDate": "2016-05-11T10:59Z"
    }
  }
}

fkie_cve-2016-1070

Vulnerability from fkie_nvd

Published

2016-05-11 10:59

Modified

2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/90512
psirt@adobe.com	http://www.securitytracker.com/id/1035828
psirt@adobe.com	http://www.zerodayinitiative.com/advisories/ZDI-16-318
psirt@adobe.com	https://helpx.adobe.com/security/products/acrobat/apsb16-14.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/90512
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035828
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-16-318
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/acrobat/apsb16-14.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
microsoft	windows	*
adobe	acrobat	*
adobe	acrobat_dc	*
adobe	acrobat_dc	*
adobe	acrobat_reader_dc	*
adobe	acrobat_reader_dc	*
adobe	reader	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A70458C-0416-49BD-A371-1CFA85DC6A13",
              "versionEndIncluding": "11.0.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "E91D5928-1453-4359-9F35-46D9A3A9CD91",
              "versionEndIncluding": "15.006.30121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "504D35C5-04CB-4FBD-B9FD-4CBA71A5EC1A",
              "versionEndIncluding": "15.010.20060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "A63411C3-E8AE-415D-B1B6-1EA6AA20494A",
              "versionEndIncluding": "15.006.30121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "B33BAE59-1F77-4F21-A5C0-B5D9D1D67F1E",
              "versionEndIncluding": "15.010.20060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C60A67-A7DE-4B57-BC2B-28D9B546DA3B",
              "versionEndIncluding": "11.0.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Reader y Acrobat en versiones anteriores a 11.0.16, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30172 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.016.20039 sobre Windows y OS X permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102 y CVE-2016-4107."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2016-1070",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-11T10:59:38.470",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/90512"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1035828"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-318"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/90512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-161

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Adobe Acrobat et Reader. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Acrobat Reader DC Classic versions antérieures à 15.006.30172 sur Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat DC Classic versions antérieures à 15.006.30172 sur Windows et Macintosh
Adobe	Acrobat	Adobe Reader XI versions antérieures à 11.0.16 sur Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat DC versions antérieures à 15.016.20039 sur Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat XI versions antérieures à 11.0.16 sur Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat Reader DC versions antérieures à 15.016.20039 sur Windows et Macintosh

References

Title

Publication Time

cnvd-2016-03045

Vulnerability from cnvd

Title

多款Adobe产品内存错误引用漏洞（CNVD-2016-03045）

Description

Adobe Acrobat DC等都是美国奥多比（Adobe）公司的产品。Acrobat DC是一套桌面版PDF解决方案；Acrobat Reader DC是一套用于查看、打印和批注PDF的工具。Classic和Continuous是Acrobat DC和Acrobat Reader DC产品下载中心所提供的两种更新机制。多款Adobe产品中存在内存错误引用漏洞。攻击者可利用该漏洞执行任意代码，控制受影响系统。

Severity

中

Patch Name

多款Adobe产品内存错误引用漏洞（CNVD-2016-03045）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

Reference

http://zerodayinitiative.com/advisories/ZDI-16-318/

Impacted products

Name
['Adobe Reader <11.0.16', 'Adobe Acrobat <11.0.16', 'Adobe Acrobat <15.006.30172', 'Adobe Acrobat Reader DC Classic <15.006.30172', 'Adobe Acrobat(on Windows/OS X ) <15.016.20039', 'Adobe Acrobat Reader DC Continuous（on Windows/OS X） <15.016.20039']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1070"
    }
  },
  "description": "Adobe Acrobat DC\u7b49\u90fd\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Acrobat DC\u662f\u4e00\u5957\u684c\u9762\u7248PDF\u89e3\u51b3\u65b9\u6848\uff1bAcrobat Reader DC\u662f\u4e00\u5957\u7528\u4e8e\u67e5\u770b\u3001\u6253\u5370\u548c\u6279\u6ce8PDF\u7684\u5de5\u5177\u3002Classic\u548cContinuous\u662fAcrobat DC\u548cAcrobat Reader DC\u4ea7\u54c1\u4e0b\u8f7d\u4e2d\u5fc3\u6240\u63d0\u4f9b\u7684\u4e24\u79cd\u66f4\u65b0\u673a\u5236\u3002\r\n\r\n\u591a\u6b3eAdobe\u4ea7\u54c1\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002",
  "discovererName": "AbdulAziz Hariri - HPE Zero Day Initiative",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03045",
  "openTime": "2016-05-12",
  "patchDescription": "Adobe Acrobat DC\u7b49\u90fd\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Acrobat DC\u662f\u4e00\u5957\u684c\u9762\u7248PDF\u89e3\u51b3\u65b9\u6848\uff1bAcrobat Reader DC\u662f\u4e00\u5957\u7528\u4e8e\u67e5\u770b\u3001\u6253\u5370\u548c\u6279\u6ce8PDF\u7684\u5de5\u5177\u3002Classic\u548cContinuous\u662fAcrobat DC\u548cAcrobat Reader DC\u4ea7\u54c1\u4e0b\u8f7d\u4e2d\u5fc3\u6240\u63d0\u4f9b\u7684\u4e24\u79cd\u66f4\u65b0\u673a\u5236\u3002\r\n\r\n\u591a\u6b3eAdobe\u4ea7\u54c1\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eAdobe\u4ea7\u54c1\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2016-03045\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Reader \u003c11.0.16",
      "Adobe Acrobat \u003c11.0.16",
      "Adobe Acrobat \u003c15.006.30172",
      "Adobe Acrobat Reader DC Classic \u003c15.006.30172",
      "Adobe Acrobat(on Windows/OS X ) \u003c15.016.20039",
      "Adobe Acrobat Reader DC Continuous\uff08on Windows/OS X\uff09 \u003c15.016.20039"
    ]
  },
  "referenceLink": "http://zerodayinitiative.com/advisories/ZDI-16-318/",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-11",
  "title": "\u591a\u6b3eAdobe\u4ea7\u54c1\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2016-03045\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-1070 (GCVE-0-2016-1070)

Vulnerability from cvelistv5

var-201605-0241

Vulnerability from variot

ghsa-pg85-gq42-6gf9

Vulnerability from github

gsd-2016-1070

Vulnerability from gsd

fkie_cve-2016-1070

Vulnerability from fkie_nvd

CERTFR-2016-AVI-161

Vulnerability from certfr_avis

Solution

cnvd-2016-03045

Vulnerability from cnvd

Tags

Sightings

Nomenclature