CVE-2015-3071 - Vulnerability Details

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat Acrobat Reader
Apple	Mac Os X
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:acrobat_reader:10.1.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.1:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.2:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.3:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.4:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.5:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.6:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.7:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.8:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.9:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.10:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.11:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.12:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.1.13:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.1:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.2:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.3:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.4:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.5:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.6:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.7:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.8:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.9:::::::*
	cpe:2.3:a:adobe:acrobat_reader:11.0.10:::::::*

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:microsoft:windows::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:adobe:acrobat:10.1.0:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.1:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.2:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.3:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.4:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.5:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.6:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.7:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.8:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.9:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.10:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.11:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.12:::::::*
	cpe:2.3:a:adobe:acrobat:10.1.13:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.0:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.1:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.2:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.3:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.4:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.5:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.6:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.7:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.8:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.9:::::::*
	cpe:2.3:a:adobe:acrobat:11.0.10:::::::*

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:microsoft:windows::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/74604
http://www.securitytracker.com/id/1032284
http://www.zerodayinitiative.com/advisories/ZDI-15-195
https://helpx.adobe.com/security/products/reader/apsb15-10.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2015-05-13T10:00:00

Updated: 2024-08-06T05:32:21.612Z

Reserved: 2015-04-09T00:00:00

Link: CVE-2015-3071

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-05-13T11:00:05.530

Modified: 2024-11-21T02:28:36.540

Link: CVE-2015-3071

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object