Detections
Analytics
Adobe Reader < 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)
critical Nessus Plugin ID 91097
Language:
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Reader installed on the remote Windows host is a version prior to 15.006.30172 or 15.016.20039. It is, therefore, affected by multiple vulnerabilities.- Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1062. (CVE-2016-1117)
- Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1117. (CVE-2016-1062)
- Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117. (CVE-2016-1044)
- Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. (CVE-2016-1042)
- Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. (CVE-2016-1041)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Reader version 15.006.30172 / 15.016.20039 or later.See Also
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
Plugin Details
Severity: Critical
ID: 91097
File Name: adobe_reader_apsb16-14.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows
Published: 5/12/2016
Updated: 11/21/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2016-4119
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 9.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2016-1044
Vulnerability Information
CPE: cpe:/a:adobe:acrobat_reader
Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Reader
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/10/2016
Vulnerability Publication Date: 5/10/2016
Reference Information
CVE: CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107, CVE-2016-4119
BID: 90517
ZDI: ZDI-16-285, ZDI-16-286, ZDI-16-287, ZDI-16-288, ZDI-16-289, ZDI-16-290, ZDI-16-291, ZDI-16-292, ZDI-16-293, ZDI-16-294, ZDI-16-295, ZDI-16-296, ZDI-16-297, ZDI-16-298, ZDI-16-299, ZDI-16-300, ZDI-16-301, ZDI-16-302, ZDI-16-303, ZDI-16-304, ZDI-16-305, ZDI-16-306, ZDI-16-307, ZDI-16-308, ZDI-16-309, ZDI-16-310, ZDI-16-311, ZDI-16-312, ZDI-16-313, ZDI-16-315, ZDI-16-316, ZDI-16-317, ZDI-16-318, ZDI-16-319, ZDI-16-320, ZDI-16-321, ZDI-16-322, ZDI-16-323, ZDI-16-324, ZDI-16-325, ZDI-16-326, ZDI-16-327, ZDI-16-328, ZDI-16-329