var-201605-0094
Vulnerability from variot
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. This vulnerability CVE-2016-1087 and CVE-2016-1090 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user may be able to obtain permissions through Trojan horse resources in unspecified directories. Adobe Reader and Acrobat are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20060"
},
{
"model": "reader",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.15"
},
{
"model": "acrobat",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.15"
},
{
"model": "acrobat reader dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.006.30121"
},
{
"model": "acrobat reader dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20060"
},
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.006.30121"
},
{
"model": "acrobat",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.16 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30172 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.016.20039 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30172 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.016.20039 (windows/macintosh)"
},
{
"model": "reader",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.16 (windows/macintosh)"
},
{
"model": "windows",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:adobe:acrobat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ke Liu of Tencent\u0027s Xuanwu LAB",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4106",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-92925",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-4106",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4106",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4106",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-92925",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92925"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. This vulnerability CVE-2016-1087 and CVE-2016-1090 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user may be able to obtain permissions through Trojan horse resources in unspecified directories. Adobe Reader and Acrobat are prone to multiple remote code-execution vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4106"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "BID",
"id": "90513"
},
{
"db": "VULHUB",
"id": "VHN-92925"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4106",
"trust": 2.8
},
{
"db": "BID",
"id": "90513",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1035828",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2016.1146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-92925",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92925"
},
{
"db": "BID",
"id": "90513"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"id": "VAR-201605-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92925"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:43:03.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-14",
"trust": 0.8,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"title": "APSB16-14",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160512.html"
},
{
"title": "Multiple Adobe Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61644"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/90513"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035828"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4106"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2016/at160023.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4106"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=18377"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/render.html?it=34330"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.3,
"url": "http://get.adobe.com/reader/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92925"
},
{
"db": "BID",
"id": "90513"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92925"
},
{
"db": "BID",
"id": "90513"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-92925"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90513"
},
{
"date": "2016-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"date": "2016-05-11T11:00:59.387000",
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-92925"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90513"
},
{
"date": "2016-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002691"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-326"
},
{
"date": "2024-11-21T02:51:22.713000",
"db": "NVD",
"id": "CVE-2016-4106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-326"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…