Vulnerability Name: | CVE-2015-3067 (CCN-103187) |
Assigned: | 2015-05-12 |
Published: | 2015-05-12 |
Updated: | 2017-01-05 |
Summary: | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-284
|
Vulnerability Consequences: | Bypass Security |
References: | Source: MITRE Type: CNA CVE-2015-3067
Source: BID Type: Third Party Advisory, VDB Entry 74604
Source: CCN Type: BID-74604 Adobe Reader and Acrobat Multiple Security Bypass Vulnerabilities
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032284
Source: MISC Type: Third Party Advisory, VDB Entry http://www.zerodayinitiative.com/advisories/ZDI-15-201
Source: XF Type: UNKNOWN adobe-reader-cve20153067-sec-bypass(103187)
Source: CCN Type: Adobe Security Bulletin APSB15-10 Security Updates available for Adobe Reader and Acrobat
Source: CONFIRM Type: Patch, Vendor Advisory https://helpx.adobe.com/security/products/reader/apsb15-10.html
Source: CCN Type: ZDI-15-201 Adobe Acrobat Reader DynamicAnnotStore enumerate Javascript API Restrictions Bypass Vulnerability
|
Vulnerable Configuration: | Configuration 1: cpe:/a:adobe:acrobat:10.1.0:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.1:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.2:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.3:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.4:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.5:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.6:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.7:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.8:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.9:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.10:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.11:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.12:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:10.1.13:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.0:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.5:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.8:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.9:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat:11.0.10:*:*:*:*:*:*:*AND cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Configuration 2: cpe:/a:adobe:acrobat_reader:10.1.0:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.1:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.2:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.3:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.4:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.5:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.6:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.7:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.8:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.9:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.10:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.11:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.12:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:10.1.13:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.5:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.8:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.9:*:*:*:*:*:*:*OR cpe:/a:adobe:acrobat_reader:11.0.10:*:*:*:*:*:*:*AND cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |
adobe acrobat 10.1.0
adobe acrobat 10.1.1
adobe acrobat 10.1.2
adobe acrobat 10.1.3
adobe acrobat 10.1.4
adobe acrobat 10.1.5
adobe acrobat 10.1.6
adobe acrobat 10.1.7
adobe acrobat 10.1.8
adobe acrobat 10.1.9
adobe acrobat 10.1.10
adobe acrobat 10.1.11
adobe acrobat 10.1.12
adobe acrobat 10.1.13
adobe acrobat 11.0.0
adobe acrobat 11.0.1
adobe acrobat 11.0.2
adobe acrobat 11.0.3
adobe acrobat 11.0.4
adobe acrobat 11.0.5
adobe acrobat 11.0.6
adobe acrobat 11.0.7
adobe acrobat 11.0.8
adobe acrobat 11.0.9
adobe acrobat 11.0.10
apple mac os x *
microsoft windows *
adobe acrobat reader 10.1.0
adobe acrobat reader 10.1.1
adobe acrobat reader 10.1.2
adobe acrobat reader 10.1.3
adobe acrobat reader 10.1.4
adobe acrobat reader 10.1.5
adobe acrobat reader 10.1.6
adobe acrobat reader 10.1.7
adobe acrobat reader 10.1.8
adobe acrobat reader 10.1.9
adobe acrobat reader 10.1.10
adobe acrobat reader 10.1.11
adobe acrobat reader 10.1.12
adobe acrobat reader 10.1.13
adobe acrobat reader 11.0.0
adobe acrobat reader 11.0.1
adobe acrobat reader 11.0.2
adobe acrobat reader 11.0.3
adobe acrobat reader 11.0.4
adobe acrobat reader 11.0.5
adobe acrobat reader 11.0.6
adobe acrobat reader 11.0.7
adobe acrobat reader 11.0.8
adobe acrobat reader 11.0.9
adobe acrobat reader 11.0.10
apple mac os x *
microsoft windows *