CVE-2015-3073
published 2015-05-13CVE-2015-3073: Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API…
PriorityP263critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
25.47%
97.7th percentile
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for the creation or presence of 'updaternotifications.dll' in the same directory as the Acrobat executable or the directory of a PDF being opened, as this is the DLL hijacking/sideloading vector used by the exploit. ↗
- →Inspect PDF files for embedded JavaScript invoking the 'AFParseDate' API function, which is the specific JavaScript API abused to bypass restrictions in this CVE. ↗
- →Look for PDF attachments with a '.txt' extension that are actually DLL payloads, used to evade attachment security restrictions in Adobe Reader/Acrobat. ↗
- →Flag Adobe Reader/Acrobat processes spawning child processes or loading unexpected DLLs from the document's directory, indicative of successful exploitation via DLL sideloading. ↗
- ·Exploitation requires user interaction — the target must open a malicious PDF file or visit a malicious page; drive-by exploitation without user action is not possible. ↗
- ·Affected versions are Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on both Windows and OS X; detections should be scoped to these version ranges. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cf9h-6v77-3345: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3061 [CRITICAL] CWE-284 GHSA-cf9h-6v77-3345: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-fpq5-qvqr-5pw9: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3066 [CRITICAL] CWE-284 GHSA-fpq5-qvqr-5pw9: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-37x6-phq8-3rmq: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3062 [CRITICAL] CWE-284 GHSA-37x6-phq8-3rmq: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-6fp3-r4pr-85gr: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3072 [CRITICAL] CWE-284 GHSA-6fp3-r4pr-85gr: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-p77r-p748-87qx: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3064 [CRITICAL] CWE-284 GHSA-p77r-p748-87qx: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-28f5-mg2c-r34c: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3073 [CRITICAL] CWE-284 GHSA-28f5-mg2c-r34c: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.
GHSA
GHSA-mm83-hc7p-5mw5: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3069 [CRITICAL] CWE-284 GHSA-mm83-hc7p-5mw5: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-2wm5-c3g6-vrfw: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3068 [CRITICAL] CWE-284 GHSA-2wm5-c3g6-vrfw: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-64q2-rq62-qq2m: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3060 [CRITICAL] CWE-284 GHSA-64q2-rq62-qq2m: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-gmr5-mjx8-3c9q: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3063 [CRITICAL] CWE-284 GHSA-gmr5-mjx8-3c9q: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-gq5v-9p2w-97m2: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3067 [CRITICAL] CWE-284 GHSA-gq5v-9p2w-97m2: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-62jc-v45x-88m6: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3065 [CRITICAL] CWE-284 GHSA-62jc-v45x-88m6: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
GHSA
GHSA-3cq9-9wpc-c893: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3074 [CRITICAL] CWE-284 GHSA-3cq9-9wpc-c893: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3073.
GHSA
GHSA-j43x-5546-gfgm: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3071 [CRITICAL] CWE-284 GHSA-j43x-5546-gfgm: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
No detection rules found.
http://www.securityfocus.com/bid/74604http://www.securitytracker.com/id/1032284http://www.zerodayinitiative.com/advisories/ZDI-15-197https://helpx.adobe.com/security/products/reader/apsb15-10.htmlhttps://www.exploit-db.com/exploits/38344/http://www.securityfocus.com/bid/74604http://www.securitytracker.com/id/1032284http://www.zerodayinitiative.com/advisories/ZDI-15-197https://helpx.adobe.com/security/products/reader/apsb15-10.htmlhttps://www.exploit-db.com/exploits/38344/
2015-05-13
Published