Sign-up

ID

VAR-201603-0202


CVE

CVE-2016-1007


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001698

DESCRIPTION

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. This vulnerability CVE-2016-1009 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of annotation gestures. The issue lies in the failure to properly initialize the gestures property prior to using it, leading to memory corruption. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in several Adobe products due to the program not properly initializing gesture properties

Trust: 2.43

sources: NVD: CVE-2016-1007 // JVNDB: JVNDB-2016-001698 // ZDI: ZDI-16-189 // VULHUB: VHN-88809 // VULMON: CVE-2016-1007

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:lteversion:11.0.14

Trust: 1.0

vendor:adobemodel:acrobat readerscope:lteversion:11.0.14

Trust: 1.0

vendor:adobemodel:acrobat dcscope:lteversion:15.010.20059

Trust: 1.0

vendor:adobemodel:acrobat dcscope:lteversion:15.006.30119

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.006.30119

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.010.20059

Trust: 1.0

vendor:adobemodel:acrobatscope:ltversion:xi desktop 11.0.15 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:classic 15.006.30121 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:continuous track 15.010.20060 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:classic 15.006.30121 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:continuous track 15.010.20060 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:xi desktop 11.0.15 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope: - version: -

Trust: 0.7

vendor:adobemodel:acrobatscope:eqversion:11.0.14

Trust: 0.6

vendor:adobemodel:acrobat reader dcscope:eqversion:15.010.20059

Trust: 0.6

vendor:adobemodel:acrobat dcscope:eqversion:15.010.20059

Trust: 0.6

vendor:adobemodel:acrobat reader dcscope:eqversion:15.006.30119

Trust: 0.6

vendor:adobemodel:acrobat dcscope:eqversion:15.006.30119

Trust: 0.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.14

Trust: 0.6

sources: ZDI: ZDI-16-189 // JVNDB: JVNDB-2016-001698 // CNNVD: CNNVD-201603-077 // NVD: CVE-2016-1007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1007
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1007
value: HIGH

Trust: 0.8

ZDI: CVE-2016-1007
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201603-077
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88809
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1007
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1007
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-1007
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-88809
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-16-189 // VULHUB: VHN-88809 // VULMON: CVE-2016-1007 // JVNDB: JVNDB-2016-001698 // CNNVD: CNNVD-201603-077 // NVD: CVE-2016-1007

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88809 // JVNDB: JVNDB-2016-001698 // NVD: CVE-2016-1007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-077

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001698

PATCH
title:APSB16-09url:https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Trust: 1.5
title:APSB16-09url:https://helpx.adobe.com/jp/security/products/acrobat/apsb16-09.html
Trust: 0.8
title:Multiple Adobe Fixes for product arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60437
Trust: 0.6
title: - url:https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-189 // 
            
            
            
            VULMON: CVE-2016-1007 // 
            
            
            
            JVNDB: JVNDB-2016-001698 // 
            
            
            
            CNNVD: CNNVD-201603-077

EXTERNAL IDS
db:NVDid:CVE-2016-1007
Trust: 3.3
db:ZDIid:ZDI-16-189
Trust: 1.8
db:BIDid:84215
Trust: 1.1
db:SECTRACKid:1035199
Trust: 1.1
db:JVNDBid:JVNDB-2016-001698
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3022
Trust: 0.7
db:CNNVDid:CNNVD-201603-077
Trust: 0.7
db:VULHUBid:VHN-88809
Trust: 0.1
db:VULMONid:CVE-2016-1007
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-189 // 
            
            
            
            VULHUB: VHN-88809 // 
            
            
            
            VULMON: CVE-2016-1007 // 
            
            
            
            JVNDB: JVNDB-2016-001698 // 
            
            
            
            CNNVD: CNNVD-201603-077 // 
            
            
            
            NVD: CVE-2016-1007

REFERENCES
url:https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Trust: 2.4
url:http://www.securityfocus.com/bid/84215
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-189
Trust: 1.1
url:http://www.securitytracker.com/id/1035199
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1007
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1007
Trust: 0.8
sources:
            
            
            ZDI: ZDI-16-189 // 
            
            
            
            VULHUB: VHN-88809 // 
            
            
            
            JVNDB: JVNDB-2016-001698 // 
            
            
            
            CNNVD: CNNVD-201603-077 // 
            
            
            
            NVD: CVE-2016-1007

CREDITS
AbdulAziz Hariri - HP Zero Day Initiative
Trust: 1.3
sources:
            
            
            ZDI: ZDI-16-189 // 
            
            
            
            CNNVD: CNNVD-201603-077

SOURCES
db:ZDIid:ZDI-16-189
db:VULHUBid:VHN-88809
db:VULMONid:CVE-2016-1007
db:JVNDBid:JVNDB-2016-001698
db:CNNVDid:CNNVD-201603-077
db:NVDid:CVE-2016-1007

LAST UPDATE DATE
2024-11-23T22:27:02.729000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-189date:2016-03-08T00:00:00
db:VULHUBid:VHN-88809date:2016-12-03T00:00:00
db:VULMONid:CVE-2016-1007date:2016-12-03T00:00:00
db:JVNDBid:JVNDB-2016-001698date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-077date:2016-03-09T00:00:00
db:NVDid:CVE-2016-1007date:2024-11-21T02:45:34.793

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-189date:2016-03-08T00:00:00
db:VULHUBid:VHN-88809date:2016-03-09T00:00:00
db:VULMONid:CVE-2016-1007date:2016-03-09T00:00:00
db:JVNDBid:JVNDB-2016-001698date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-077date:2016-03-09T00:00:00
db:NVDid:CVE-2016-1007date:2016-03-09T11:59:37.500