ID
VAR-201605-0235
CVE
CVE-2016-1075
TITLE
Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution
Trust: 0.8
DESCRIPTION
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. This vulnerability CVE-2016-1045 , CVE-2016-1046 , CVE-2016-1047 , CVE-2016-1048 , CVE-2016-1049 , CVE-2016-1050 , CVE-2016-1051 , CVE-2016-1052 , CVE-2016-1053 , CVE-2016-1054 , CVE-2016-1055 , CVE-2016-1056 , CVE-2016-1057 , CVE-2016-1058 , CVE-2016-1059 , CVE-2016-1060 , CVE-2016-1061 , CVE-2016-1065 , CVE-2016-1066 , CVE-2016-1067 , CVE-2016-1068 , CVE-2016-1069 , CVE-2016-1070 , CVE-2016-1094 , CVE-2016-1121 , CVE-2016-1122 , CVE-2016-4102 ,and CVE-2016-4107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XObject images. A specially crafted XObject image embedded in a PDF file can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products
Trust: 2.61
AFFECTED PRODUCTS
| vendor: | adobe | model: | acrobat dc | scope: | lte | version: | 15.006.30121 | Trust: 1.0 |
| vendor: | adobe | model: | acrobat xi | scope: | lte | version: | 11.0.15 | Trust: 1.0 |
| vendor: | adobe | model: | acrobat reader dc | scope: | lte | version: | 15.006.30121 | Trust: 1.0 |
| vendor: | adobe | model: | acrobat dc | scope: | lte | version: | 15.010.20060 | Trust: 1.0 |
| vendor: | adobe | model: | reader xi | scope: | lte | version: | 11.0.15 | Trust: 1.0 |
| vendor: | adobe | model: | acrobat reader dc | scope: | lte | version: | 15.010.20060 | Trust: 1.0 |
| vendor: | adobe | model: | acrobat | scope: | lt | version: | xi desktop 11.0.16 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | acrobat dc | scope: | lt | version: | classic 15.006.30172 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | acrobat dc | scope: | lt | version: | continuous track 15.016.20039 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | acrobat reader dc | scope: | lt | version: | classic 15.006.30172 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | acrobat reader dc | scope: | lt | version: | continuous track 15.016.20039 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | reader | scope: | lt | version: | xi desktop 11.0.16 (windows/macintosh) | Trust: 0.8 |
| vendor: | adobe | model: | acrobat reader dc | scope: | - | version: | - | Trust: 0.7 |
| vendor: | apple | model: | mac os x | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | CWE-Other | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | APSB16-14 | url: | https://helpx.adobe.com/security/products/acrobat/apsb16-14.html | Trust: 1.5 |
| title: | APSB16-14 | url: | https://helpx.adobe.com/jp/security/products/reader/apsb16-14.html | Trust: 0.8 |
| title: | アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ | url: | http://www.fmworld.net/biz/common/adobe/20160512.html | Trust: 0.8 |
| title: | Multiple Adobe Remediation measures for reusing vulnerabilities after product release | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61592 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1075 | Trust: 3.5 |
| db: | ZDI | id: | ZDI-16-323 | Trust: 2.1 |
| db: | BID | id: | 90512 | Trust: 1.4 |
| db: | SECTRACK | id: | 1035828 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-002639 | Trust: 0.8 |
| db: | ZDI_CAN | id: | ZDI-CAN-3520 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-201605-274 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2016.1146 | Trust: 0.6 |
| db: | ZDI | id: | ZDI-16-305 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-306 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-300 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-318 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-309 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-303 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-307 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-302 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-316 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-328 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-359 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-297 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-296 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-299 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-295 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-317 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-298 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-293 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-308 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-313 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-294 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-312 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-315 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-301 | Trust: 0.3 |
| db: | ZDI | id: | ZDI-16-304 | Trust: 0.3 |
| db: | VULHUB | id: | VHN-89557 | Trust: 0.1 |
REFERENCES
| url: | https://helpx.adobe.com/security/products/acrobat/apsb16-14.html | Trust: 2.7 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-323 | Trust: 1.4 |
| url: | http://www.securityfocus.com/bid/90512 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1035828 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1075 | Trust: 0.8 |
| url: | https://www.ipa.go.jp/security/ciadr/vul/20160511-adobereader.html | Trust: 0.8 |
| url: | https://www.jpcert.or.jp/at/2016/at160023.html | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1075 | Trust: 0.8 |
| url: | http://www.npa.go.jp/cyberpolice/topics/?seq=18377 | Trust: 0.8 |
| url: | https://www.auscert.org.au/render.html?it=34330 | Trust: 0.6 |
| url: | http://www.adobe.com/products/acrobat.html | Trust: 0.3 |
| url: | http://www.adobe.com | Trust: 0.3 |
| url: | http://get.adobe.com/reader/ | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-293 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-294 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-295 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-296 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-297 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-298 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-299 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-300 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-301 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-302 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-303 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-304 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-305 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-306 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-307 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-308 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-309 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-312 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-313 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-315 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-316 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-317 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-318 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-328 | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-16-359/ | Trust: 0.3 |
CREDITS
kdot
Trust: 0.7
SOURCES
| db: | ZDI | id: | ZDI-16-323 |
| db: | VULHUB | id: | VHN-89557 |
| db: | BID | id: | 90512 |
| db: | JVNDB | id: | JVNDB-2016-002639 |
| db: | CNNVD | id: | CNNVD-201605-274 |
| db: | NVD | id: | CVE-2016-1075 |
LAST UPDATE DATE
2025-04-13T23:03:04.859000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-16-323 | date: | 2016-05-10T00:00:00 |
| db: | VULHUB | id: | VHN-89557 | date: | 2016-12-01T00:00:00 |
| db: | BID | id: | 90512 | date: | 2016-07-06T14:40:00 |
| db: | JVNDB | id: | JVNDB-2016-002639 | date: | 2016-05-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201605-274 | date: | 2016-05-11T00:00:00 |
| db: | NVD | id: | CVE-2016-1075 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | ZDI | id: | ZDI-16-323 | date: | 2016-05-10T00:00:00 |
| db: | VULHUB | id: | VHN-89557 | date: | 2016-05-11T00:00:00 |
| db: | BID | id: | 90512 | date: | 2016-05-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002639 | date: | 2016-05-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201605-274 | date: | 2016-05-11T00:00:00 |
| db: | NVD | id: | CVE-2016-1075 | date: | 2016-05-11T10:59:44.923 |