CVE-2016-1111

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.13
adobeacrobat_dc
𝑥
≤ 15.006.30097
adobeacrobat_dc
𝑥
≤ 15.009.20077
adobeacrobat_reader
𝑥
≤ 9.0
adobeacrobat_reader_dc
𝑥
≤ 15.006.30097
adobeacrobat_reader_dc
𝑥
≤ 15.009.20077
𝑥
= Vulnerable software versions
References
http://www.zerodayinitiative.com/advisories/ZDI-16-273/
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
http://www.zerodayinitiative.com/advisories/ZDI-16-273/
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html