CVE-2016-4091
Published on: 05/11/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of Acrobat from Adobe contain the following vulnerability:
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4092.
- CVE-2016-4091 has been assigned by
[email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Adobe Security Bulletin | Patch Vendor Advisory helpx.adobe.com text/html |
![]() |
Adobe Acrobat and Reader APSB16-14 Multiple Unspecified Heap Buffer Overflow Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
Adobe Acrobat/Reader Multiple Flaws Let Remote Users Execute Arbitrary Code Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat Dc | All | All | All | All |
Application | Adobe | Acrobat Dc | All | All | All | All |
Application | Adobe | Acrobat Reader Dc | All | All | All | All |
Application | Adobe | Acrobat Reader Dc | All | All | All | All |
Application | Adobe | Reader | All | All | All | All |
Operating System | Apple | Mac Os X | All | All | All | All |
Operating System | Apple | Mac Os X | All | All | All | All |
Operating System | Microsoft | Windows | All | All | All | All |
Operating System | Microsoft | Windows | All | All | All | All |
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*:
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE