Vulnerability Name: CVE-2016-0936 (CCN-109571) Assigned: 2015-12-22 Published: 2016-01-12 Updated: 2016-12-07 Summary: Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG 2000 data, a different vulnerability than CVE-2016-0931 , CVE-2016-0933 , CVE-2016-0938 , CVE-2016-0939 , CVE-2016-0942 , CVE-2016-0944 , CVE-2016-0945 , and CVE-2016-0946 . CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2016-0936 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034646 Source: MISC Type: Third Party Advisory, VDB Entryhttp://zerodayinitiative.com/advisories/ZDI-16-014 Source: XF Type: UNKNOWNadobe-cve20160936-code-exec(109571) Source: CCN Type: Adobe Security Bulletin APSB16-02Security Updates Available for Adobe Acrobat and Reader Source: CONFIRM Type: Patch, Vendor Advisoryhttps://helpx.adobe.com/security/products/acrobat/apsb16-02.html Source: CCN Type: ZDI-16-014Adobe Reader JPEG2000 Out-Of-Bounds Indexing Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.5:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.8:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.9:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.10:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.11:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:11.0.12:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version <= 11.0.13) AND cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Configuration 2 :cpe:/a:adobe:acrobat:11.0.0:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.1:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.2:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.3:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.4:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.5:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.6:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.7:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.8:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.9:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.10:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.11:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:11.0.12:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat:*:*:*:*:*:*:*:* (Version <= 11.0.13) AND cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Configuration 3 :cpe:/a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (Version <= 15.006.30097)OR cpe:/a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* (Version <= 15.009.20077) OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (Version <= 15.006.30097) OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* (Version <= 15.009.20077) AND cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:adobe:acrobat_dc:15.009.20077:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_dc:15.006.30097:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader_dc:15.009.20077:*:*:*:*:*:*:* OR cpe:/a:adobe:acrobat_reader_dc:15.006.30097:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
adobe acrobat reader 11.0.0
adobe acrobat reader 11.0.1
adobe acrobat reader 11.0.2
adobe acrobat reader 11.0.3
adobe acrobat reader 11.0.4
adobe acrobat reader 11.0.5
adobe acrobat reader 11.0.6
adobe acrobat reader 11.0.7
adobe acrobat reader 11.0.8
adobe acrobat reader 11.0.9
adobe acrobat reader 11.0.10
adobe acrobat reader 11.0.11
adobe acrobat reader 11.0.12
adobe acrobat reader *
apple mac os x *
microsoft windows *
adobe acrobat 11.0.0
adobe acrobat 11.0.1
adobe acrobat 11.0.2
adobe acrobat 11.0.3
adobe acrobat 11.0.4
adobe acrobat 11.0.5
adobe acrobat 11.0.6
adobe acrobat 11.0.7
adobe acrobat 11.0.8
adobe acrobat 11.0.9
adobe acrobat 11.0.10
adobe acrobat 11.0.11
adobe acrobat 11.0.12
adobe acrobat *
apple mac os x *
microsoft windows *
adobe acrobat dc *
adobe acrobat dc *
adobe acrobat reader dc *
adobe acrobat reader dc *
apple mac os x *
microsoft windows *
adobe acrobat dc 15.009.20077
adobe acrobat dc 15.006.30097
adobe acrobat reader dc 15.009.20077
adobe acrobat reader dc 15.006.30097