Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB15-24)

ITS Advisory Number: 2015-122
Date(s) Issued: Tuesday, October 13, 2015
Subject: Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB15-24)
Overview: 

Multiple vulnerabilities have been discovered in Adobe Reader and Adobe Acrobat. Adobe Reader and Acrobat are applications for handling PDF files.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the user running the affected application. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

Systems Affected: 
  • Acrobat DC Continuous 2015.008.20082 and earlier versions (Windows and Macintosh)
  • Acrobat Reader DC Continuous 2015.008.20082 and earlier versions (Windows and Macintosh)
  • Acrobat DC Classic 2015.006.30060 and earlier versions (Windows and Macintosh)
  • Acrobat Reader DC Classic 2015.006.30060 and earlier versions (Windows and Macintosh)
  • Acrobat XI Desktop 11.0.12 and earlier versions (Windows and Macintosh)
  • Reader XI Desktop 11.0.12 and earlier versions (Windows and Macintosh)
  • Acrobat X Desktop 10.1.15 and earlier versions (Windows and Macintosh)
  • Reader X Desktop 10.1.15 and earlier versions (Windows and Macintosh)
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Adobe Reader and Adobe Acrobat are prone to multiple vulnerabilities. These vulnerabilities are as follows:

  • A buffer overflow vulnerability that could lead to information disclosure (CVE-2015-6692).
  • Use-after-free vulnerabilities that could lead to code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).
  • Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6696, CVE-2015-66
  • Memory corruption vulnerabilities that could lead to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).
  • Memory leak vulnerabilities (CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697).
  • Security bypass vulnerabilities that could lead to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624).
  • Various methods to bypass restrictions on JavaScript API execution (CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614, CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715).

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the user running the affected application. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. 

Actions: 
  • Apply the appropriate patch provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
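
To find the vulnerable systems the first action refers to, the following added example (not part of the original advisory) flags installations at or below the version ceilings listed under Systems Affected. The CSV column names, the host names and every version number other than the ceilings are assumptions constructed for illustration.

```python
import csv
import io

# Highest affected version per (product, track), copied from "Systems Affected".
AFFECTED_CEILING = {
    ("Acrobat DC", "Continuous"): "2015.008.20082",
    ("Acrobat Reader DC", "Continuous"): "2015.008.20082",
    ("Acrobat DC", "Classic"): "2015.006.30060",
    ("Acrobat Reader DC", "Classic"): "2015.006.30060",
    ("Acrobat XI", "Desktop"): "11.0.12",
    ("Reader XI", "Desktop"): "11.0.12",
    ("Acrobat X", "Desktop"): "10.1.15",
    ("Reader X", "Desktop"): "10.1.15",
}

def parse_version(text):
    """Turn '2015.008.20082' into (2015, 8, 20082) so fields compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, track, version):
    """Return 'affected', 'not affected' or 'unknown' for one installation."""
    ceiling = AFFECTED_CEILING.get((product.strip(), track.strip()))
    if ceiling is None:
        return "unknown"  # product line not listed in this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version string: review by hand
    return "affected" if installed <= parse_version(ceiling) else "not affected"

def audit(inventory_csv):
    """Map host -> list of (product, version, verdict) from a CSV export."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = classify(row["product"], row["track"], row["version"])
        report.setdefault(row["host"], []).append((row["product"], row["version"], verdict))
    return report

# Constructed sample inventory (hosts and non-ceiling versions are made up).
SAMPLE = """host,product,track,version
ws-01,Acrobat Reader DC,Continuous,2015.008.20082
ws-02,Acrobat Reader DC,Continuous,2015.9.1
ws-03,Acrobat DC,Classic,2015.006.30060
ws-04,Reader XI,Desktop,11.0.9
ws-05,Reader X,Desktop,10.1.16
ws-06,Other PDF Viewer,Desktop,7.2
"""
if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(host, findings)
```

Versions are compared field by field as integers: a plain string comparison would rank 11.0.9 above 11.0.12 and miss that installation.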

References: 

Adobe:
https://helpx.adobe.com/security/products/acrobat/apsb15-24.html

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6692

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6689

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6688

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6690

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7615

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7617

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6691

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6684

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7621

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5586

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6683

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6696

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6698

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6685

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6693

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6694

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6686

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7622

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6699

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6701

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6702

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6703

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6704

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6697

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5583

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6705

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6706

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7624

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6707

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6708

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6709

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6710

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6711

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6712

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7614

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7616

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6716

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6717

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6718

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6719

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6720

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6721

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6722

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6723

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6724

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6725

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7618

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7619

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7620

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7623

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6713

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6714

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6715