Multiple vulnerabilities in Adobe Acrobat and Adobe Reader could allow for arbitrary code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). If the current user is logged on with administrative user rights, an attacker could take control of an affected system. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed attacks may cause a denial-of-service condition.

The following versions are affected:
- Acrobat Reader DC for Windows and Macintosh versions prior to 15.020.20039
- Acrobat DC for Windows and Macintosh versions prior to 15.006.30243
- Adobe Acrobat Reader DC for Windows and Macintosh versions prior to 15.006.30243
- Adobe Acrobat XI for Windows and Macintosh versions prior to 11.0.18
- Adobe Reader XI for Windows and Macintosh versions prior to 11.0.18

Adobe Acrobat and Reader are prone to multiple vulnerabilities, the most severe of which could allow for arbitrary code execution. The vulnerabilities are as follows:
- Multiple use-after-free vulnerabilities that could lead to code execution (CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993).
- Multiple heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-6939, CVE-2016-6994).
- Multiple memory corruption vulnerabilities that could lead to code execution (CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019).
- A security bypass vulnerability (CVE-2016-6958).
- An integer overflow vulnerability that could lead to code execution (CVE-2016-6999).

The following actions are recommended:
- After appropriate testing, immediately install the updates provided by Adobe.
- Remind users not to visit websites or follow links provided by unknown or untrusted sources.
- Limit user account privileges to only those required.
- Do not open email attachments from unknown or untrusted sources.