CVE-2016-0940 — Adobe Acrobat vulnerability

12 documents4 sources

Severity

9.8CRITICALNVD

NVD8.8

EPSS

3.9%

top 11.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedJan 14

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0941.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader11.0.13+13

▶NVDadobe/acrobat_reader_dc15.006.30097+1

▶NVDadobe/acrobat11.0.13+13

▶NVDadobe/acrobat_dc15.006.30097+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-f5c2-rx2m-x7qg: Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11↗2022-05-17

▶

GHSA

GHSA-fg4m-3vxx-22qr: Use-after-free vulnerability in Adobe Reader and Acrobat before 11↗2022-05-17

▶

GHSA

GHSA-p789-xgx3-wp3h: Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11↗2022-05-17

▶

GHSA

GHSA-pxwh-wx9r-w948: Use-after-free vulnerability in AGM↗2022-05-17

▶

GHSA

GHSA-fcrv-wg5q-8xmq: Use-after-free vulnerability in the Doc object implementation in Adobe Reader and Acrobat before 11↗2022-05-17

▶

🕵️Threat Intelligence

Krebs

Flash, Windows Users: It’s Time to Patch↗2018-03-13

▶

Zscaler

Zscaler detects Acrobat Reader Vulnerabilities | 01-19-2016↗

▶