CVE-2016-4106

EUVD-2016-5107
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.15
adobeacrobat_dc
𝑥
≤ 15.006.30121
adobeacrobat_dc
𝑥
≤ 15.010.20060
adobeacrobat_reader_dc
𝑥
≤ 15.006.30121
adobeacrobat_reader_dc
𝑥
≤ 15.010.20060
adobereader
𝑥
≤ 11.0.15
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/90513
http://www.securitytracker.com/id/1035828
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
http://www.securityfocus.com/bid/90513
http://www.securitytracker.com/id/1035828
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html