Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4106

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090.

Published

2016-05-11T11:00:59.387

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	mac_os_x	*	No
Operating System	microsoft	windows	*	No
Application	adobe	acrobat	≤ 11.0.15	Yes
Application	adobe	acrobat_dc	≤ 15.006.30121	Yes
Application	adobe	acrobat_dc	≤ 15.010.20060	Yes
Application	adobe	acrobat_reader_dc	≤ 15.006.30121	Yes
Application	adobe	acrobat_reader_dc	≤ 15.010.20060	Yes
Application	adobe	reader	≤ 11.0.15	Yes

References

http://www.securityfocus.com/bid/90513 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1035828 Third Party Advisory, VDB Entry ([email protected])
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/90513 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035828 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)