var-201605-0380
Vulnerability from variot
Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XFA FormCalc. A specially crafted replace call can trigger an integer overflow condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Reader and Acrobat are prone to an integer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Note: This issue was previously titled 'Adobe Reader and Acrobat CVE-2016-1043 Unspecified Integer Overflow Vulnerability'. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20060"
},
{
"model": "reader",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.15"
},
{
"model": "acrobat",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.15"
},
{
"model": "acrobat reader dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.006.30121"
},
{
"model": "acrobat reader dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20060"
},
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.006.30121"
},
{
"model": "acrobat",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.16 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30172 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.016.20039 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30172 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.016.20039 (windows/macintosh)"
},
{
"model": "reader",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.16 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": null,
"trust": 0.7,
"vendor": "adobe",
"version": null
},
{
"model": "windows",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:adobe:acrobat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous working with Trend Micro\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "90516"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1043",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1043",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1043",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1043",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1043",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2016-1043",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-242",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89205",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1043",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XFA FormCalc. A specially crafted replace call can trigger an integer overflow condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Reader and Acrobat are prone to an integer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nNote: This issue was previously titled \u0027Adobe Reader and Acrobat CVE-2016-1043 Unspecified Integer Overflow Vulnerability\u0027. The title has been changed to better reflect the vulnerability information. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1043"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "BID",
"id": "90516"
},
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "VULMON",
"id": "CVE-2016-1043"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1043",
"trust": 3.6
},
{
"db": "ZDI",
"id": "ZDI-16-286",
"trust": 2.2
},
{
"db": "BID",
"id": "90516",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1035828",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3414",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1146",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89205",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1043",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"db": "BID",
"id": "90516"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"id": "VAR-201605-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89205"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:43:05.015000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-14",
"trust": 1.5,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"title": "APSB16-14",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20160512.html"
},
{
"title": "Multiple Adobe Product Integer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61560"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"trust": 1.5,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-286"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/90516"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035828"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1043"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2016/at160023.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1043"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=18377"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/render.html?it=34330"
},
{
"trust": 0.3,
"url": "http://www.adobe.com/products/acrobat.html"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.3,
"url": "http://get.adobe.com/reader/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"db": "BID",
"id": "90516"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"db": "VULHUB",
"id": "VHN-89205"
},
{
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"db": "BID",
"id": "90516"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"date": "2016-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-89205"
},
{
"date": "2016-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90516"
},
{
"date": "2016-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"date": "2016-05-11T10:59:07.537000",
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-16-286"
},
{
"date": "2016-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-89205"
},
{
"date": "2016-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1043"
},
{
"date": "2016-07-06T14:39:00",
"db": "BID",
"id": "90516"
},
{
"date": "2016-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002602"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-242"
},
{
"date": "2024-11-21T02:45:39.550000",
"db": "NVD",
"id": "CVE-2016-1043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Mac OS X Run on Adobe Reader and Acrobat Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002602"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-242"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…