Vulnerability Name: CVE-2016-0938 (CCN-109572)
Assigned: 2015-12-22
Published: 2016-01-12
Updated: 2016-12-07

Summary: The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

CVSS v3 Severity:
  8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High

  7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High

CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete

  6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): Single_Instance
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete

Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access

References:
  Source: MITRE
    Type: CNA
    CVE-2016-0938
  Source: SECTRACK
    Type: Third Party Advisory, VDB Entry
    1034646
  Source: MISC
    Type: Third Party Advisory, VDB Entry
    http://zerodayinitiative.com/advisories/ZDI-16-013
  Source: XF
    Type: UNKNOWN
    adobe-cve20160938-code-exec(109572)
  Source: CCN
    Type: Adobe Security Bulletin APSB16-02
    Security Updates Available for Adobe Acrobat and Reader
  Source: CONFIRM
    Type: Patch, Vendor Advisory
    https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
  Source: CCN
    Type: ZDI-16-013
    Adobe Reader DC Forms Out-Of-Bounds Read Remote Code Execution Vulnerability

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.5:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.8:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.9:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.10:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.11:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:11.0.12:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version <= 11.0.13)
    AND
    cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

  Configuration 2:
    cpe:/a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (Version <= 15.006.30097) OR
    cpe:/a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* (Version <= 15.009.20077) OR
    cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (Version <= 15.006.30097) OR
    cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* (Version <= 15.009.20077)
    AND
    cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

  Configuration 3:
    cpe:/a:adobe:acrobat:11.0.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.2:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.3:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.4:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.5:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.6:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.7:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.8:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.9:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.10:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.11:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:11.0.12:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat:*:*:*:*:*:*:*:* (Version <= 11.0.13)
    AND
    cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

  Configuration CCN 1:
    cpe:/a:adobe:acrobat_dc:15.009.20077:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_dc:15.006.30097:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader_dc:15.009.20077:*:*:*:*:*:*:* OR
    cpe:/a:adobe:acrobat_reader_dc:15.006.30097:*:*:*:*:*:*:*