CERT-In Advisory
CIAD-2015-0056
Multiple Vulnerabilities in Adobe Reader and Acrobat
Original Issue Date: October 14, 2015
Severity Rating: High
Software Affected
- Adobe Acrobat DC ( 2015.008.20082 ) and earlier versions for Windows and Macintosh
- Adobe Acrobat Reader DC ( 2015.008.20082 ) and earlier versions for Windows and Macintosh
- Adobe Acrobat DC (2015.006.30060) and earlier versions for Windows and Macintosh
- Adobe Acrobat Reader DC (2015.006.30060) and earlier versions for Windows and Macintosh
- Adobe Acrobat XI (11.0.12 ) and earlier versions for Windows and Macintosh
- Adobe Reader XI (11.0.12 ) and earlier versions for Windows and Macintosh
- Adobe Acrobat X (10.1.15) and earlier versions for Windows and Macintosh
- Adobe Reader X (10.1.15) and earlier versions for Windows and Macintosh
Overview
Multiple vulnerabilities have been reported in Adobe Reader and Acrobat which could allow an unauthenticated remote attacker to execute arbitrary code, bypass security restrictions or gain access to sensitive information by enticing a user to visit specially crafted web page hosting malicious content or execute specially crafted PDF files on the targeted system.
Description
1. Buffer Overflow Vulnerability
(
CVE-2015-6692
)
This vulnerability occurs due to unknown errors in Adobe Reader and Acrobat. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause buffer overflow conditions via unspecified vectors leading to disclosure of sensitive information from the targeted system.
2. Use-after-free vulnerabilities
(
CVE-2015-6689
CVE-2015-6688
CVE-2015-6690
CVE-2015-7615
CVE-2015-7617
CVE-2015-6687
CVE-2015-6684
CVE-2015-6691
CVE-2015-7621
CVE-2015-5586
CVE-2015-6683
)
These vulnerabilities occur due to use after free error caused because of improper handling of U3D objects, EScript Exceptions, PDFs with media content, popUpMenuEx method and Will Save Document action functions of Adobe Reader and Acrobat. A remote attacker could exploit these vulnerabilities by enticing a user to open specially crafted PDF files containing Will save document action or U3D objects. Successful exploitation of these vulnerabilities could allow a remote attacker to dereference already freed memory leading to the execution of arbitrary code on the targeted system.
3. Heap-Based Buffer Overflow Vulnerabilities
(
CVE-2015-6696
CVE-2015-6698
)
These vulnerabilities occur due to improper user input validation by Acroform object of Adobe Reader and Acrobat. Successful exploitation of these vulnerabilities could allow a remote attacker to write past the end of allocated object causing heap buffer overflow conditions leading to execution of arbitrary code on the targeted system.
4. Memory Corruption Vulnerabilities
(
CVE-2015-6685
CVE-2015-6693
CVE-2015-6694
CVE-2015-6695
CVE-2015-6686
CVE-2015-7622
)
These Vulnerabilities exist due to improper validation of user-supplied input by Adobe Reader and Acrobat. A remote attacker could exploit these vulnerabilities by enticing a user to open specially crafted PDF files causing memory corruption errors. Successful exploitation of these vulnerabilities could allow remote attacker to execute arbitrary code on the targeted system.
5. Memory Leak Vulnerabilities
(
CVE-2015-6699
CVE-2015-6700
CVE-2015-6701
CVE-2015-6702
CVE-2015-6703
CVE-2015-6704
CVE-2015-6697
)
These vulnerabilities occur due to improper handling of addForegroundSprite, setBackground, ambientIlluminationColor property, createSquareMesh, loadFlashMovie and animations methods by Adobe Reader and Acrobat. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or gain access to memory layout information on the targeted system.
6. Security Bypass Vulnerabilities
(
CVE-2015-5583
CVE-2015-6705
CVE-2015-6706
CVE-2015-7624
)
These vulnerabilities occur due to flaw in Adobe Reader Printing method and other improper security restrictions imposed by Adobe Reader and Acrobat. Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to print arbitrary PDF files on remote printers or by pass and box security restrictions to gain access to sensitive information on the targeted system.
7. JavaScript API Execution Restriction bypass Vulnerabilities
(
CVE-2015-6707
CVE-2015-6708
CVE-2015-6709
CVE-2015-6710
CVE-2015-6711
CVE-2015-6712
CVE-2015-7614
CVE-2015-7616
CVE-2015-6717
CVE-2015-6718
CVE-2015-6719
CVE-2015-6720
CVE-2015-6721
CVE-2015-6722
CVE-2015-6723
CVE-2015-6724
CVE-2015-6725
CVE-2015-7618
CVE-2015-7619
CVE-2015-7620
CVE-2015-7623
CVE-2015-6713
CVE-2015-6714
CVE-2015-6715
)
These vulnerabilities occur due to flaw in various JavaScript API methods of Adobe Reader and Acrobat which includes ANAuthenticateResource, ANSendFormFormDistribution, ANRunSharedReviewEmailStep, ANSendForSharedReview, CBSharedReviewCloseDialog, CBSharedReviewIfOfflineDialog, CBSharedReviewSecurityDialog, ANShareFile2, DynamicAnnotStore, CBAutoConfigCommentRepository, ANTrustPropagateAll, ANSendForBrowserReview, ANSendForApproval, CBSharedReviewStatusDialog,DynamicAnnotStore, CBAutoConfigCommentRepository, ANTrustPropagateAll, ANSendForBrowserReview, ANVerifyComments , apply, bind, call, ANSendApprovalToAuthorEnabled, CBBBRInit, CBBBRInvite, DoIdentityDialog, ANStartApproval, ANSendForReview methods. A remote attacker could exploit these vulnerabilities by convincing a user to execute specially crafted PDF files. Successful exploitation of these vulnerabilities could allow remote attacker to bypass restrictions on JavaScript API execution and execute arbitrary code on the targeted system.
Solution
Apply appropriate patches as mentioned in Adobe Security Bulletin
APSB15-24
Vendor Information
Adobe
https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
References
Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=41495
Zero Day initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-510
http://www.zerodayinitiative.com/advisories/ZDI-15-509
http://www.zerodayinitiative.com/advisories/ZDI-15-508
http://www.zerodayinitiative.com/advisories/ZDI-15-507
http://www.zerodayinitiative.com/advisories/ZDI-15-506
http://www.zerodayinitiative.com/advisories/ZDI-15-505
http://www.zerodayinitiative.com/advisories/ZDI-15-504
http://www.zerodayinitiative.com/advisories/ZDI-15-503
http://www.zerodayinitiative.com/advisories/ZDI-15-502
http://www.zerodayinitiative.com/advisories/ZDI-15-501
http://www.zerodayinitiative.com/advisories/ZDI-15-500
http://www.zerodayinitiative.com/advisories/ZDI-15-499
http://www.zerodayinitiative.com/advisories/ZDI-15-498
http://www.zerodayinitiative.com/advisories/ZDI-15-497
http://www.zerodayinitiative.com/advisories/ZDI-15-496
http://www.zerodayinitiative.com/advisories/ZDI-15-495
http://www.zerodayinitiative.com/advisories/ZDI-15-494
http://www.zerodayinitiative.com/advisories/ZDI-15-493
http://www.zerodayinitiative.com/advisories/ZDI-15-492
http://www.zerodayinitiative.com/advisories/ZDI-15-491
http://www.zerodayinitiative.com/advisories/ZDI-15-490
http://www.zerodayinitiative.com/advisories/ZDI-15-489
http://www.zerodayinitiative.com/advisories/ZDI-15-488
http://www.zerodayinitiative.com/advisories/ZDI-15-487
http://www.zerodayinitiative.com/advisories/ZDI-15-486
http://www.zerodayinitiative.com/advisories/ZDI-15-485
http://www.zerodayinitiative.com/advisories/ZDI-15-484
http://www.zerodayinitiative.com/advisories/ZDI-15-483
http://www.zerodayinitiative.com/advisories/ZDI-15-482
http://www.zerodayinitiative.com/advisories/ZDI-15-481
http://www.zerodayinitiative.com/advisories/ZDI-15-480
http://www.zerodayinitiative.com/advisories/ZDI-15-479
http://www.zerodayinitiative.com/advisories/ZDI-15-478
http://www.zerodayinitiative.com/advisories/ZDI-15-477
http://www.zerodayinitiative.com/advisories/ZDI-15-476
http://www.zerodayinitiative.com/advisories/ZDI-15-475
http://www.zerodayinitiative.com/advisories/ZDI-15-474
http://www.zerodayinitiative.com/advisories/ZDI-15-473
http://www.zerodayinitiative.com/advisories/ZDI-15-472
http://www.zerodayinitiative.com/advisories/ZDI-15-471
http://www.zerodayinitiative.com/advisories/ZDI-15-470
http://www.zerodayinitiative.com/advisories/ZDI-15-469
http://www.zerodayinitiative.com/advisories/ZDI-15-468
http://www.zerodayinitiative.com/advisories/ZDI-15-467
http://www.zerodayinitiative.com/advisories/ZDI-15-466
CVE Name
CVE-2015-6692
CVE-2015-6689
CVE-2015-6688
CVE-2015-6690
CVE-2015-7615
CVE-2015-7617
CVE-2015-6687
CVE-2015-6684
CVE-2015-6691
CVE-2015-7621
CVE-2015-5586
CVE-2015-6683
CVE-2015-6696
CVE-2015-6698
CVE-2015-6685
CVE-2015-6693
CVE-2015-6694
CVE-2015-6695
CVE-2015-6686
CVE-2015-7622
CVE-2015-6699
CVE-2015-6700
CVE-2015-6701
CVE-2015-6702
CVE-2015-6703
CVE-2015-6704
CVE-2015-6697
CVE-2015-5583
CVE-2015-6705
CVE-2015-6706
CVE-2015-7624
CVE-2015-6707
CVE-2015-6708
CVE-2015-6709
CVE-2015-6710
CVE-2015-6711
CVE-2015-6712
CVE-2015-7614
CVE-2015-7616
CVE-2015-6717
CVE-2015-6718
CVE-2015-6719
CVE-2015-6720
CVE-2015-6721
CVE-2015-6722
CVE-2015-6723
CVE-2015-6724
CVE-2015-6725
CVE-2015-7618
CVE-2015-7619
CVE-2015-7620
CVE-2015-7623
CVE-2015-6713
CVE-2015-6714
CVE-2015-6715
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|