CVE-2015-3073
published 2015-05-13

Priority: P263
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 25.47% (97.7th percentile)

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.

Affected

50 ranges · showing 25
Vendor | Product | Version range | Fixed in
adobe | acrobat

Detection & IOCs (extracted from sources)

filename: exploit.txt
filename: updaternotifications.dll
  • Monitor for the creation or presence of 'updaternotifications.dll' in the same directory as the Acrobat executable or the directory of a PDF being opened, as this is the DLL hijacking/sideloading vector used by the exploit.
  • Inspect PDF files for embedded JavaScript invoking the 'AFParseDate' API function, which is the specific JavaScript API abused to bypass restrictions in this CVE.
  • Look for PDF attachments with a '.txt' extension that are actually DLL payloads, used to evade attachment security restrictions in Adobe Reader/Acrobat.
  • Flag Adobe Reader/Acrobat processes spawning child processes or loading unexpected DLLs from the document's directory, indicative of successful exploitation via DLL sideloading.
  • Exploitation requires user interaction: the target must open a malicious PDF file or visit a malicious page; drive-by exploitation without user action is not possible.
  • Affected versions are Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on both Windows and OS X; detections should be scoped to these version ranges.
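
A static triage sketch for the second and third detection points above (AFParseDate in embedded JavaScript, and a '.txt' attachment that is really a DLL). This is an added example, not code from this page or its sources; the function names and the sample PDF fragments are constructed for illustration, and the check is a heuristic that yields leads for review.

```python
import re
import zlib

# Stream bodies sit between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# File specification names: /F (name) or /UF (name).
FILENAME_RE = re.compile(rb"/U?F\s*\(([^)]*)\)")


def stream_bodies(pdf: bytes) -> list[bytes]:
    """Return every stream body, inflated when it is zlib/Flate data."""
    bodies = []
    for match in STREAM_RE.finditer(pdf):
        raw = match.group(1)
        try:
            # decompressobj tolerates trailing or slightly truncated input
            bodies.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            bodies.append(raw)  # not Flate data: keep the bytes as stored
    return bodies


def triage_pdf(pdf: bytes) -> list[str]:
    """Return findings that warrant analyst review (leads, not verdicts)."""
    findings = []
    bodies = stream_bodies(pdf)
    if any(b"AFParseDate" in blob for blob in [pdf, *bodies]):
        findings.append("javascript-references-AFParseDate")
    txt_named = any(n.lower().endswith(b".txt") for n in FILENAME_RE.findall(pdf))
    pe_stream = any(body.startswith(b"MZ") for body in bodies)  # PE/DLL magic
    # Heuristic: does not follow /EF references to pair each name with its stream.
    if txt_named and pe_stream:
        findings.append("txt-attachment-with-PE-header")
    return findings


def build_sample(js: bytes, attachment: bytes) -> bytes:
    """Constructed PDF fragment for the demo; not a complete, openable PDF."""
    def obj(num, header, data):
        return b"%d 0 obj\n%s\nstream\n%s\nendstream\nendobj\n" % (num, header, zlib.compress(data))
    return (b"%PDF-1.7\n"
            + obj(1, b"<< /Filter /FlateDecode >>", js)
            + b"2 0 obj\n<< /Type /Filespec /F (exploit.txt) /EF << /F 3 0 R >> >>\nendobj\n"
            + obj(3, b"<< /Type /EmbeddedFile /Filter /FlateDecode >>", attachment))
```

Streams using filters other than Flate, object streams, and encrypted documents are not decoded here and need a full PDF parser.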