CVE-2016-1087

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1090 and CVE-2016-4106.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.15
adobeacrobat_dc
𝑥
≤ 15.006.30121
adobeacrobat_dc
𝑥
≤ 15.010.20060
adobeacrobat_reader_dc
𝑥
≤ 15.006.30121
adobeacrobat_reader_dc
𝑥
≤ 15.010.20060
adobereader
𝑥
≤ 11.0.15
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/90513
http://www.securitytracker.com/id/1035828
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
http://www.securityfocus.com/bid/90513
http://www.securitytracker.com/id/1035828
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html