Sign-up

ID

VAR-201603-0204


CVE

CVE-2016-1009


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001700

DESCRIPTION

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. This vulnerability CVE-2016-1007 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PDFs. The issue lies in the failure to ensure that indexes are within the bounds of an allocated buffer. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in several Adobe products due to the program not properly initializing gesture properties

Trust: 2.43

sources: NVD: CVE-2016-1009 // JVNDB: JVNDB-2016-001700 // ZDI: ZDI-16-191 // VULHUB: VHN-88831 // VULMON: CVE-2016-1009

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:lteversion:11.0.14

Trust: 1.0

vendor:adobemodel:acrobat readerscope:lteversion:11.0.14

Trust: 1.0

vendor:adobemodel:acrobat dcscope:lteversion:15.010.20059

Trust: 1.0

vendor:adobemodel:acrobat dcscope:lteversion:15.006.30119

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.006.30119

Trust: 1.0

vendor:adobemodel:acrobat reader dcscope:lteversion:15.010.20059

Trust: 1.0

vendor:adobemodel:acrobatscope:ltversion:xi desktop 11.0.15 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:classic 15.006.30121 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat dcscope:ltversion:continuous track 15.010.20060 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:classic 15.006.30121 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope:ltversion:continuous track 15.010.20060 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:xi desktop 11.0.15 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:acrobat reader dcscope: - version: -

Trust: 0.7

vendor:adobemodel:acrobatscope:eqversion:11.0.14

Trust: 0.6

vendor:adobemodel:acrobat reader dcscope:eqversion:15.010.20059

Trust: 0.6

vendor:adobemodel:acrobat dcscope:eqversion:15.010.20059

Trust: 0.6

vendor:adobemodel:acrobat reader dcscope:eqversion:15.006.30119

Trust: 0.6

vendor:adobemodel:acrobat dcscope:eqversion:15.006.30119

Trust: 0.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.14

Trust: 0.6

sources: ZDI: ZDI-16-191 // JVNDB: JVNDB-2016-001700 // CNNVD: CNNVD-201603-079 // NVD: CVE-2016-1009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1009
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1009
value: HIGH

Trust: 0.8

ZDI: CVE-2016-1009
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201603-079
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88831
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1009
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1009
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-1009
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-88831
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-16-191 // VULHUB: VHN-88831 // VULMON: CVE-2016-1009 // JVNDB: JVNDB-2016-001700 // CNNVD: CNNVD-201603-079 // NVD: CVE-2016-1009

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88831 // JVNDB: JVNDB-2016-001700 // NVD: CVE-2016-1009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-079

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-079

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001700

PATCH
title:APSB16-09url:https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Trust: 1.5
title:APSB16-09url:https://helpx.adobe.com/jp/security/products/acrobat/apsb16-09.html
Trust: 0.8
title:Multiple Adobe Fixes for product arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60439
Trust: 0.6
title: - url:https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-191 // 
            
            
            
            VULMON: CVE-2016-1009 // 
            
            
            
            JVNDB: JVNDB-2016-001700 // 
            
            
            
            CNNVD: CNNVD-201603-079

EXTERNAL IDS
db:NVDid:CVE-2016-1009
Trust: 3.3
db:ZDIid:ZDI-16-191
Trust: 1.8
db:BIDid:84215
Trust: 1.1
db:SECTRACKid:1035199
Trust: 1.1
db:JVNDBid:JVNDB-2016-001700
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3253
Trust: 0.7
db:CNNVDid:CNNVD-201603-079
Trust: 0.7
db:VULHUBid:VHN-88831
Trust: 0.1
db:VULMONid:CVE-2016-1009
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-191 // 
            
            
            
            VULHUB: VHN-88831 // 
            
            
            
            VULMON: CVE-2016-1009 // 
            
            
            
            JVNDB: JVNDB-2016-001700 // 
            
            
            
            CNNVD: CNNVD-201603-079 // 
            
            
            
            NVD: CVE-2016-1009

REFERENCES
url:https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Trust: 2.4
url:http://www.securityfocus.com/bid/84215
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-191
Trust: 1.1
url:http://www.securitytracker.com/id/1035199
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1009
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1009
Trust: 0.8
sources:
            
            
            ZDI: ZDI-16-191 // 
            
            
            
            VULHUB: VHN-88831 // 
            
            
            
            JVNDB: JVNDB-2016-001700 // 
            
            
            
            CNNVD: CNNVD-201603-079 // 
            
            
            
            NVD: CVE-2016-1009

CREDITS
Jaanus Kp - Clarified Security
Trust: 1.3
sources:
            
            
            ZDI: ZDI-16-191 // 
            
            
            
            CNNVD: CNNVD-201603-079

SOURCES
db:ZDIid:ZDI-16-191
db:VULHUBid:VHN-88831
db:VULMONid:CVE-2016-1009
db:JVNDBid:JVNDB-2016-001700
db:CNNVDid:CNNVD-201603-079
db:NVDid:CVE-2016-1009

LAST UPDATE DATE
2024-11-23T22:27:02.695000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-191date:2016-03-08T00:00:00
db:VULHUBid:VHN-88831date:2016-12-03T00:00:00
db:VULMONid:CVE-2016-1009date:2016-12-03T00:00:00
db:JVNDBid:JVNDB-2016-001700date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-079date:2016-03-09T00:00:00
db:NVDid:CVE-2016-1009date:2024-11-21T02:45:35.070

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-191date:2016-03-08T00:00:00
db:VULHUBid:VHN-88831date:2016-03-09T00:00:00
db:VULMONid:CVE-2016-1009date:2016-03-09T00:00:00
db:JVNDBid:JVNDB-2016-001700date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-079date:2016-03-09T00:00:00
db:NVDid:CVE-2016-1009date:2016-03-09T11:59:39.360