CVE-2015-3055Use After Free in Adobe Acrobat

CWE-416Use After Free21 documents5 sources
Severity
10.0CRITICALNVD
NVD7.5
EPSS
2.0%
top 16.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedMay 13
Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDadobe/acrobat_reader25 versions+24
NVDadobe/acrobat25 versions+24

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

5
GHSA
GHSA-wgc8-2wwh-f797: Use-after-free vulnerability in Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-hvmw-wvjj-3h3x: Use-after-free vulnerability in Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-f5qr-chhp-9g8p: Use-after-free vulnerability in Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-hqh5-x7wr-q63c: Use-after-free vulnerability in Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-wq8p-3q98-gw6h: Use-after-free vulnerability in Adobe Reader and Acrobat 102022-05-17

💥Exploits & PoCs

1
Exploit-DB
Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read2015-12-16

📋Vendor Advisories

9
Citrix
Citrix Security Bulletin CTX200378
Citrix
Citrix Security Bulletin CTX200584
Citrix
Citrix Security Bulletin CTX200861
Citrix
Citrix Security Bulletin CTX206006
Citrix
Citrix Security Bulletin CTX201149

🕵️Threat Intelligence

1
Zscaler
Zscaler detects Flash Player Vulnerabilities | 05-21-2015
CVE-2015-3055 — Use After Free in Adobe Acrobat | cvebase