Security Alert (A16-05-03): Multiple Vulnerabilities in Adobe Acrobat/Reader


 

Published on: 11 May 2016

  
  

Description:

Security updates are released for Adobe Acrobat/Reader to address multiple vulnerabilities caused by heap buffer overflow, integer overflow, memory corruption, memory leakage, use-after free errors, security restrictions bypass and a directory search path issue. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file.


Affected Systems:

  • Adobe Acrobat DC/Acrobat Reader DC Continuous 15.010.20060 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Classic 15.006.30121 and earlier versions
  • Adobe Reader/Acrobat XI 11.0.15 and earlier versions

 

Impact:

Successful exploitation could lead to arbitrary code execution or potentially take control the affected system.


Recommendation:

Upgrade Adobe Acrobat/Reader to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Acrobat DC Continuous 15.016.20039, Classic 15.006.30172, Acrobat XI 11.0.16
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows  
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

  • Adobe Acrobat Reader DC Classic 15.006.30172, Reader XI 11.0.16
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

  • Adobe Acrobat Reader DC Continuous 15.016.20039
    http://get.adobe.com/reader/


More Information:

https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://www.hkcert.org/my_url/en/alert/16051116
https://www.us-cert.gov/ncas/current-activity/2016/05/10/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1037 (to CVE-2016-1088)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1092 (to CVE-2016-1095)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1116 (to CVE-2016-1130)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4088 (to CVE-2016-4094)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4096 (to CVE-2016-4107)



Tag: Adobe , Acrobat , Acrobat Reader
Tags