Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4091


Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4092.


Published

2016-05-11T11:00:42.997

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System apple mac_os_x * No
Operating System microsoft windows * No
Application adobe acrobat ≤ 11.0.15 Yes
Application adobe acrobat_dc ≤ 15.006.30121 Yes
Application adobe acrobat_dc ≤ 15.010.20060 Yes
Application adobe acrobat_reader_dc ≤ 15.006.30121 Yes
Application adobe acrobat_reader_dc ≤ 15.010.20060 Yes
Application adobe reader ≤ 11.0.15 Yes

References