Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution (APSB16-14)

MS-ISAC ADVISORY NUMBER:

2016-071

DATE(S) ISSUED:

05/10/2016

OVERVIEW:

Multiple vulnerabilities in Adobe Acrobat and Adobe Reader could allow for remote code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation could potentially allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Adobe Acrobat DC version 15.010.20060 and earlier for Windows and Macintosh
  • Acrobat Reader DC version 15.010.20060 and earlier for Windows and Macintosh

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users: LOW

TECHNICAL SUMMARY:

Adobe Acrobat and Reader are prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. These vulnerabilities are as follows:

Multiple use-after-free vulnerabilities which could lead to remote code execution (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107)
Heap-based buffer overflow vulnerabilities which could lead to remote code execution (CVE-2016-4091, CVE-2016-4092)
Multiple memory corruption vulnerabilities which could lead to remote code execution (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105)
An integer overflow vulnerability which could lead to remote code execution. (CVE-2016-1043)
Memory Leak Vulnerabilities (CVE-2016-1079, CVE-2016-1092)
Information Disclosure Vulnerability (CVE-2016-1112)
Multiple vulnerabilities that allow various methods to bypass restrictions on JavaScript API execution. (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117)
Multiple vulnerabilities in the directory search path used to find resources that could lead to code execution. (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)
Multiple memory corruption vulnerabilities which could lead to remote code execution (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119)

Successful exploitation could potentially allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights.

RECOMMENDATIONS:

We recommend the following actions be taken:
Install the updates provided by Adobe immediately after appropriate testing.

Remind users not to visit websites or follow links provided by unknown or untrusted sources.

Limit user account privileges to those required only.

Do not open email attachments from unknown or untrusted sources.
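
To act on the first recommendation, the following added example (not part of the CIS advisory or Adobe's bulletin) triages a software inventory against the two product lines and the version threshold listed under SYSTEMS AFFECTED. The `host,product,version` inventory format, the host names and the sample versions are constructed assumptions.

```python
import re

# Products and highest affected version, as listed under SYSTEMS AFFECTED.
AFFECTED = {
    "adobe acrobat dc": "15.010.20060",
    "acrobat reader dc": "15.010.20060",
}

def parse_version(text):
    """Split a dotted version into integers so '010' compares as 10.
    A plain string comparison would rank '15.9.x' above '15.010.x'."""
    parts = text.strip().split(".")
    if not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if the product is listed and version <= the advisory threshold."""
    limit = AFFECTED.get(product.strip().lower())
    if limit is None:
        return False
    return parse_version(version) <= parse_version(limit)

def triage(inventory_lines):
    """Return (needs_update, needs_review) from 'host,product,version' lines."""
    needs_update, needs_review = [], []
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            needs_review.append(line)   # malformed record: check by hand
            continue
        host, product, version = fields
        try:
            if is_affected(product, version):
                needs_update.append((host, product, version))
        except ValueError:
            needs_review.append(line)   # listed product, unknown version
    return needs_update, needs_review

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "ws-001,Adobe Acrobat DC,15.010.20060",
    "ws-002,Acrobat Reader DC,15.9.20077",
    "ws-003,Acrobat Reader DC,15.20.1",
    "mac-004,Adobe Acrobat DC,15.010.20059",
    "ws-005,Acrobat Reader DC,unknown",
    "ws-006,Other PDF Viewer,1.0",
]
```

Records that cannot be parsed are returned separately rather than silently treated as unaffected, so an incomplete inventory does not hide an unpatched host.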

CIS Control that helps avoid this issue: CIS Control 3: Continuous Vulnerability Assessment and Remediation