Details of VAR-201510-0363

ID

VAR-201510-0363

CVE

CVE-2015-6692

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-005249

DESCRIPTION

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information via unspecified vectors. Adobe Acrobat and Reader are prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue to disclose sensitive information or cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A buffer overflow vulnerability exists in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier

Trust: 1.98

sources: NVD: CVE-2015-6692 // JVNDB: JVNDB-2015-005249 // BID: 77066 // VULHUB: VHN-84653

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat dc	scope:	gte	version:	15.006.30060	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	gte	version:	15.008.20082	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lte	version:	10.1.15	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lte	version:	10.1.15	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	gte	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	15.006.30094	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	15.009.20069	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	gte	version:	15.006.30060	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	15.009.20069	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	gte	version:	15.008.20082	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lte	version:	11.0.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lte	version:	11.0.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	15.006.30094	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	classic 2015.006.30094	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi desktop 11.0.13	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	continuous 2015.009.20069	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi desktop 11.0.13	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x desktop 10.1.16	Trust: 0.8
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	classic 2015.006.30094	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	continuous 2015.009.20069	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x desktop 10.1.16	Trust: 0.8
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.13	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	2015.8.20082	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.10	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	ne	version:	2015.006.30094	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.15	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	2015.6.30060	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.13	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	11.0.13	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	ne	version:	2015.006.30094	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	10.1.16	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	11.0.13	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	10.1.16	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	2015.007.20033	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.13	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.12	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.6	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	2015.006.30060	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.05	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	ne	version:	2015.009.20069	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	2015.006.30033	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.12	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	ne	version:	2015.009.20069	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	2015.006.30033	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.12	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	2015.008.20082	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	2015.007.20033	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.09	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.15	Trust: 0.3

sources: BID: 77066 // JVNDB: JVNDB-2015-005249 // CNNVD: CNNVD-201510-205 // NVD: CVE-2015-6692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6692
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6692
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-205
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84653
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6692
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84653
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84653 // JVNDB: JVNDB-2015-005249 // CNNVD: CNNVD-201510-205 // NVD: CVE-2015-6692

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-84653 // JVNDB: JVNDB-2015-005249 // NVD: CVE-2015-6692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-205

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005249

PATCH

title:	APSB15-24	url:	https://helpx.adobe.com/security/products/acrobat/apsb15-24.html	Trust: 0.8
title:	APSB15-24	url:	https://helpx.adobe.com/jp/security/products/reader/apsb15-24.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20151015.html	Trust: 0.8
title:	Multiple Adobe Product Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58054	Trust: 0.6

sources: JVNDB: JVNDB-2015-005249 // CNNVD: CNNVD-201510-205

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6692	Trust: 2.8
db:	SECTRACK	id:	1033796	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-005249	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-205	Trust: 0.7
db:	BID	id:	77066	Trust: 0.4
db:	VULHUB	id:	VHN-84653	Trust: 0.1

sources: VULHUB: VHN-84653 // BID: 77066 // JVNDB: JVNDB-2015-005249 // CNNVD: CNNVD-201510-205 // NVD: CVE-2015-6692

REFERENCES

url:	https://helpx.adobe.com/security/products/acrobat/apsb15-24.html	Trust: 2.0
url:	http://www.securitytracker.com/id/1033796	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6692	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20151014-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150035.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6692	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=17022	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-84653 // BID: 77066 // JVNDB: JVNDB-2015-005249 // CNNVD: CNNVD-201510-205 // NVD: CVE-2015-6692

CREDITS

Jack Tang of TrendMicro

Trust: 0.3

sources: BID: 77066

SOURCES

db:	VULHUB	id:	VHN-84653
db:	BID	id:	77066
db:	JVNDB	id:	JVNDB-2015-005249
db:	CNNVD	id:	CNNVD-201510-205
db:	NVD	id:	CVE-2015-6692

LAST UPDATE DATE

2024-11-23T21:43:45.949000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84653	date:	2020-05-18T00:00:00
db:	BID	id:	77066	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-005249	date:	2015-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201510-205	date:	2020-05-19T00:00:00
db:	NVD	id:	CVE-2015-6692	date:	2024-11-21T02:35:27.203

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84653	date:	2015-10-14T00:00:00
db:	BID	id:	77066	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-005249	date:	2015-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201510-205	date:	2015-10-15T00:00:00
db:	NVD	id:	CVE-2015-6692	date:	2015-10-14T23:59:14.033