CVE-2016-0938

EUVD-2016-0949
The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
adobeacrobat_reader
𝑥
≤ 11.0.13
adobeacrobat_reader
11.0.0
adobeacrobat_reader
11.0.1
adobeacrobat_reader
11.0.2
adobeacrobat_reader
11.0.3
adobeacrobat_reader
11.0.4
adobeacrobat_reader
11.0.5
adobeacrobat_reader
11.0.6
adobeacrobat_reader
11.0.7
adobeacrobat_reader
11.0.8
adobeacrobat_reader
11.0.9
adobeacrobat_reader
11.0.10
adobeacrobat_reader
11.0.11
adobeacrobat_reader
11.0.12
adobeacrobat_dc
𝑥
≤ 15.006.30097
adobeacrobat_dc
𝑥
≤ 15.009.20077
adobeacrobat_reader_dc
𝑥
≤ 15.006.30097
adobeacrobat_reader_dc
𝑥
≤ 15.009.20077
adobeacrobat
𝑥
≤ 11.0.13
adobeacrobat
11.0.0
adobeacrobat
11.0.1
adobeacrobat
11.0.2
adobeacrobat
11.0.3
adobeacrobat
11.0.4
adobeacrobat
11.0.5
adobeacrobat
11.0.6
adobeacrobat
11.0.7
adobeacrobat
11.0.8
adobeacrobat
11.0.9
adobeacrobat
11.0.10
adobeacrobat
11.0.11
adobeacrobat
11.0.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1034646
http://zerodayinitiative.com/advisories/ZDI-16-013
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
http://www.securitytracker.com/id/1034646
http://zerodayinitiative.com/advisories/ZDI-16-013
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html