CVE-2015-6685

EUVD-2015-6623

14.10.2015, 23:59

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat	10.0 ≤ 𝑥 ≤ 10.1.15
adobe	acrobat	11.0.0 ≤ 𝑥 ≤ 11.0.12
adobe	acrobat_dc	15.006.30060 ≤ 𝑥 < 15.006.30094
adobe	acrobat_dc	15.008.20082 ≤ 𝑥 < 15.009.20069
adobe	acrobat_reader	10.0 ≤ 𝑥 ≤ 10.1.15
adobe	acrobat_reader	11.0.0 ≤ 𝑥 ≤ 11.0.12
adobe	acrobat_reader_dc	15.006.30060 ≤ 𝑥 < 15.006.30094
adobe	acrobat_reader_dc	15.008.20082 ≤ 𝑥 < 15.009.20069

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securitytracker.com/id/1033796

http://www.zerodayinitiative.com/advisories/ZDI-15-467

https://helpx.adobe.com/security/products/acrobat/apsb15-24.html

http://www.securitytracker.com/id/1033796

http://www.zerodayinitiative.com/advisories/ZDI-15-467

https://helpx.adobe.com/security/products/acrobat/apsb15-24.html