SB2016100604 - Multiple vulnerabilities in Adobe Acrobat and Reader
Published: October 6, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 72 vulnerabilities.
1) Arbitrary code execution (CVE-ID: CVE-2016-6993)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
2) Arbitrary code execution (CVE-ID: CVE-2016-6994)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to heap buffer overflow. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
3) Arbitrary code execution (CVE-ID: CVE-2016-6999)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to integer overflow. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
4) Arbitrary code execution (CVE-ID: CVE-2016-6958)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to access control error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
5) Arbitrary code execution (CVE-ID: CVE-2016-6957)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to access control error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions on Javascript API execution and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
6) Arbitrary code execution (CVE-ID: CVE-2016-7019)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
7) Arbitrary code execution (CVE-ID: CVE-2016-7018)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
8) Arbitrary code execution (CVE-ID: CVE-2016-7017)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
9) Arbitrary code execution (CVE-ID: CVE-2016-7016)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
10) Arbitrary code execution (CVE-ID: CVE-2016-7015)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
11) Arbitrary code execution (CVE-ID: CVE-2016-7014)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
12) Arbitrary code execution (CVE-ID: CVE-2016-7013)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
13) Arbitrary code execution (CVE-ID: CVE-2016-7012)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
14) Arbitrary code execution (CVE-ID: CVE-2016-7010)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
15) Arbitrary code execution (CVE-ID: CVE-2016-7011)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
16) Arbitrary code execution (CVE-ID: CVE-2016-7009)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
17) Arbitrary code execution (CVE-ID: CVE-2016-7008)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
18) Arbitrary code execution (CVE-ID: CVE-2016-7007)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
19) Arbitrary code execution (CVE-ID: CVE-2016-7006)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitation of the vulnerability leads to arbitrary code execution on the vulnerable system.
20) Arbitrary code execution (CVE-ID: CVE-2016-7005)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
21) Arbitrary code execution (CVE-ID: CVE-2016-7004)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
22) Arbitrary code execution (CVE-ID: CVE-2016-7003)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
23) Arbitrary code execution (CVE-ID: CVE-2016-7002)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
24) Arbitrary code execution (CVE-ID: CVE-2016-7001)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
25) Arbitrary code execution (CVE-ID: CVE-2016-7000)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
26) Arbitrary code execution (CVE-ID: CVE-2016-6998)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
27) Arbitrary code execution (CVE-ID: CVE-2016-6997)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
28) Arbitrary code execution (CVE-ID: CVE-2016-6996)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
29) Arbitrary code execution (CVE-ID: CVE-2016-6995)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
30) Arbitrary code execution (CVE-ID: CVE-2016-6978)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
31) Arbitrary code execution (CVE-ID: CVE-2016-6977)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
32) Arbitrary code execution (CVE-ID: CVE-2016-6976)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
33) Arbitrary code execution (CVE-ID: CVE-2016-6975)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
34) Arbitrary code execution (CVE-ID: CVE-2016-6974)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
35) Arbitrary code execution (CVE-ID: CVE-2016-6973)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
36) Arbitrary code execution (CVE-ID: CVE-2016-6972)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
37) Arbitrary code execution (CVE-ID: CVE-2016-6971)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
38) Arbitrary code execution (CVE-ID: CVE-2016-6970)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
39) Arbitrary code execution (CVE-ID: CVE-2016-6966)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
40) Arbitrary code execution (CVE-ID: CVE-2016-6960)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By tricking the victim to download a specially crafted .pdf file that may cause a read past the end of an allocated object, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
41) Arbitrary code execution (CVE-ID: CVE-2016-6959)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
42) Arbitrary code execution (CVE-ID: CVE-2016-6956)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
43) Arbitrary code execution (CVE-ID: CVE-2016-6955)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
44) Arbitrary code execution (CVE-ID: CVE-2016-6954)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
45) Arbitrary code execution (CVE-ID: CVE-2016-6951)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
46) Arbitrary code execution (CVE-ID: CVE-2016-6950)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
47) Arbitrary code execution (CVE-ID: CVE-2016-6948)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
48) Arbitrary code execution (CVE-ID: CVE-2016-6947)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
49) Arbitrary code execution (CVE-ID: CVE-2016-6943)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
50) Arbitrary code execution (CVE-ID: CVE-2016-6942)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
51) Arbitrary code execution (CVE-ID: CVE-2016-6941)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
52) Arbitrary code execution (CVE-ID: CVE-2016-6940)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to memory corruption error. By tricking the victim to download a specially crafted .pdf file, attackers can bypass security restrictions and to execute arbitrary code.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
53) Arbitrary code execution (CVE-ID: CVE-2016-6939)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to heap buffer overflow. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
54) Arbitrary code execution (CVE-ID: CVE-2016-6979)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
55) Arbitrary code execution (CVE-ID: CVE-2016-6969)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
56) Arbitrary code execution (CVE-ID: CVE-2016-6971)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
57) Arbitrary code execution (CVE-ID: CVE-2016-6968)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
58) Arbitrary code execution (CVE-ID: CVE-2016-6967)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
59) Arbitrary code execution (CVE-ID: CVE-2016-6966)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
60) Arbitrary code execution (CVE-ID: CVE-2016-6965)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
61) Arbitrary code execution (CVE-ID: CVE-2016-6964)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error within the AXSLE library. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
62) Arbitrary code execution (CVE-ID: CVE-2016-6963)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error within the AXSLE library. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
63) Arbitrary code execution (CVE-ID: CVE-2016-6962)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
64) Arbitrary code execution (CVE-ID: CVE-2016-6961)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
65) Arbitrary code execution (CVE-ID: CVE-2016-6953)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
66) Arbitrary code execution (CVE-ID: CVE-2016-6952)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
67) Arbitrary code execution (CVE-ID: CVE-2016-6949)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
68) Arbitrary code execution (CVE-ID: CVE-2016-6946)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
69) Arbitrary code execution (CVE-ID: CVE-2016-6945)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
70) Arbitrary code execution (CVE-ID: CVE-2016-6944)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
71) Arbitrary code execution (CVE-ID: CVE-2016-1091)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
72) Arbitrary code execution (CVE-ID: CVE-2016-1089)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to use-after-free memory error. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.