Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB16-02)

ITS Advisory Number: 
2016-003
Date(s) Issued: 
Tuesday, January 12, 2016
Subject: 
Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB16-02)
Overview: 

Multiple vulnerabilities have been discovered in Adobe Reader and Adobe Acrobat. Adobe Reader and Acrobat are applications for handling PDF files.

Exploitation of these issues could allow an attacker to take control of the affected system. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the user running the affected application. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

Systems Affected: 
  • Acrobat DC Continuous 15.009.20077 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC Continuous 15.009.20077 and earlier versions for Windows and Macintosh
  • Acrobat DC Classic 15.006.30097 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC Classic 15.006.30097 and earlier versions for Windows and Macintosh
  • Acrobat XI Desktop 11.0.13 and earlier versions for Windows and Macintosh
  • Reader XI Desktop 11.0.13 and earlier versions for Windows and Macintosh
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Adobe Reader and Adobe Acrobat are prone to multiple vulnerabilities. These vulnerabilities are as follows:

  • Use-after-free vulnerabilities that could lead to code execution (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941).
  • A double-free vulnerability that could lead to code execution (CVE-2016-0935).
  • Memory corruption vulnerabilities that could lead to code execution (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946).
  • A method to bypass restrictions on JavaScript API execution (CVE-2016-0943).
  • A vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-0947).

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the user running the affected application. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Apply appropriate patch provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
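
To decide which systems need the update, the following added example (not part of the original advisory) checks a software inventory against the "Systems Affected" list, comparing version fields numerically so that 11.0.9 is correctly treated as earlier than 11.0.13. The inventory format, host names and installed versions are constructed assumptions; only the version ceilings come from the advisory.

```python
import csv
import io

# Highest affected version per product line, copied from "Systems Affected".
AFFECTED_MAX = {
    ("acrobat dc", "continuous"): "15.009.20077",
    ("acrobat reader dc", "continuous"): "15.009.20077",
    ("acrobat dc", "classic"): "15.006.30097",
    ("acrobat reader dc", "classic"): "15.006.30097",
    ("acrobat xi", "desktop"): "11.0.13",
    ("reader xi", "desktop"): "11.0.13",
}

# Constructed sample inventory: hosts and installed versions are hypothetical.
SAMPLE_INVENTORY = """host,product,track,version
ws-001,Acrobat Reader DC,Continuous,15.009.20077
ws-002,Acrobat Reader DC,Continuous,15.010.20000
ws-003,Acrobat DC,Classic,15.006.30060
ws-004,Reader XI,Desktop,11.0.9
ws-005,Acrobat XI,Desktop,11.0.14
ws-006,Reader X,Desktop,10.1.16
ws-007,Reader XI,Desktop,unknown
"""

def parse_version(text):
    """'15.009.20077' -> (15, 9, 20077); leading zeros must not affect ordering."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, track, version):
    """Classify one installation against the advisory's affected ranges."""
    limit = AFFECTED_MAX.get((product.strip().lower(), track.strip().lower()))
    if limit is None:
        return "not-listed"          # product line is not named in this advisory
    try:
        have = parse_version(version)
    except ValueError:
        return "check-manually"      # never assume an unreadable version is safe
    want = parse_version(limit)
    width = max(len(have), len(want))
    pad = lambda v: v + (0,) * (width - len(v))   # 11.0.13 equals 11.0.13.0
    return "affected" if pad(have) <= pad(want) else "above-listed-range"

def triage(inventory_csv):
    """Map each host in a CSV inventory to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: status(r["product"], r["track"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

A "not-listed" result only means the product line does not appear in this advisory, not that the installation is free of other issues.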