Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution (APSB16-26)

ITS Advisory Number: 2016-118
Date(s) Issued: Tuesday, July 12, 2016
Subject: Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution (APSB16-26)
Overview: 

Multiple vulnerabilities in Adobe Acrobat and Adobe Reader could allow for remote code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation could potentially allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights.

Systems Affected: 
  • Adobe Acrobat DC versions prior to 15.016.20045 for Windows and Macintosh
  • Acrobat Reader DC versions prior to 15.016.20045 for Windows and Macintosh
  • Acrobat DC versions prior to 15.006.30174 for Windows and Macintosh
  • Adobe Acrobat Reader DC versions prior to 15.006.30174 for Windows and Macintosh
  • Adobe Acrobat XI versions prior to 11.0.16 for Windows and Macintosh
  • Adobe Reader XI versions prior to 11.0.16 for Windows and Macintosh

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: Medium
BUSINESS
  • Large and medium business entities: High
  • Small business entities: Medium
HOME USERS
  • Home users: Low
Description: 

Adobe Acrobat and Reader are prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Integer overflow vulnerability that could lead to code execution (CVE-2016-4210).

  • Vulnerability that could lead to code execution (CVE-2016-4190).

  • Heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4209).

  • Bypass of restrictions on JavaScript API execution (CVE-2016-4215).

  • Memory corruption vulnerabilities that could lead to code execution (CVE-2016-4189, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252).

Successful exploitation could potentially allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights.

Actions: 
  • After appropriate testing, install the updates provided by Adobe.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Limit user account privileges to only those required.
  • Do not open email attachments from unknown or untrusted sources.
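
To confirm the update actually landed, installed versions can be compared against the fixed versions listed under Systems Affected. The script below is an added example, not part of the original advisory or any Adobe tooling; the inventory, hostnames and function names are constructed, and it assumes that DC builds numbered 30000 and above belong to the 15.006 line (verify this against Adobe's bulletin before relying on it).

```python
import re

# Fixed versions taken from the "Systems Affected" list of this advisory.
FIXED_DC_016 = (15, 16, 20045)  # Acrobat DC / Acrobat Reader DC
FIXED_DC_006 = (15, 6, 30174)   # Acrobat DC / Acrobat Reader DC, 15.006 line
FIXED_XI = (11, 0, 16)          # Acrobat XI / Reader XI


def parse_version(text):
    """Turn '15.006.30174' into (15, 6, 30174); reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    # Integer comparison avoids the pitfalls of comparing zero-padded strings.
    return tuple(int(part) for part in text.split("."))


def fixed_version_for(version):
    """Pick the advisory threshold that applies to an installed version."""
    major, _, build = version
    if major == 11:
        return FIXED_XI
    if major == 15:
        # ASSUMPTION: builds 30000 and up are the 15.006 line, so a patched
        # 15.006.30174 install is not measured against 15.016.20045.
        return FIXED_DC_006 if build >= 30000 else FIXED_DC_016
    return None  # product line not covered by this advisory


def needs_update(version_text):
    """True = below the fixed version, False = patched, None = out of scope."""
    version = parse_version(version_text)
    fixed = fixed_version_for(version)
    if fixed is None:
        return None
    return version < fixed


def triage(inventory):
    """Return the (host, version) pairs still below the fixed version."""
    return [(host, ver) for host, ver in inventory if needs_update(ver)]


# Constructed inventory for illustration; hosts and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "15.016.20039"), ("ws-002", "15.006.30174"),
    ("ws-003", "11.0.15"), ("ws-004", "15.016.20045"),
    ("ws-005", "15.006.30172"),
]
```

Versions outside the 11.x and 15.x lines return None rather than "patched", so they can be reviewed separately.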

References: 

Adobe:

https://helpx.adobe.com/security/products/acrobat/apsb16-26.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4189

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4190

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4191

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4192

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4193

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4194

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4196

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4197

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4198

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4199

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4200

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4201

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4202

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4203

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4204

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4205

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4206

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4207

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4208

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4209

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4210

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4211

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4212

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4213

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4214

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4215

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4250

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4251

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4252

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4254

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4255
