Published: 13/10/2016 Updated: 30/07/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Adobe Reader and Acrobat prior to 11.0.18, Acrobat and Acrobat Reader DC Classic prior to 15.006.30243, and Acrobat and Acrobat Reader DC Continuous prior to 15.020.20039 on Windows and OS X allows malicious users to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.

Affected Products

Vendor Product Versions
AdobeAcrobat Dc15.006.30201, 15.017.20053
AdobeAcrobat Reader Dc15.006.30201, 15.017.20053

Recent Articles

Adobe releases updates that resolve 84 Security Vulnerabilities
BleepingComputer • Lawrence Abrams • 11 Oct 2016

Today, Adobe released security updates for Adobe Flash Player, Adobe Acrobat and Reader, and Creative Cloud Desktop. When you combine the vulnerabilities patched for the three products, there are 84 exploits fixed, with many of them being labeled as Critical, because they allow code execution.
Code execution is when the vulnerability can be exploited to execute commands on the affected computer.  This allows attackers to create specially crafted code that can be inserted onto web si...