CVE-2015-3068 — Improper Access Control in Adobe Acrobat

CWE-284 — Improper Access Control30 documents4 sources

Severity

10.0CRITICALNVD

EPSS

3.6%

top 12.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedMay 13

Latest updateMay 17

Description

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader25 versions+24

▶NVDadobe/acrobat25 versions+24

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-cf9h-6v77-3345: Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-fpq5-qvqr-5pw9: Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-37x6-phq8-3rmq: Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-6fp3-r4pr-85gr: Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-p77r-p748-87qx: Adobe Reader and Acrobat 10↗2022-05-17

▶

🕵️Threat Intelligence

Zscaler

Zscaler detects Flash Player Vulnerabilities | 05-21-2015↗

▶

💬Community

Bugzilla

CVE-2016-3068 mercurial: command injection via git subrepository urls↗2016-03-21

▶