Vulnerability Details : CVE-2015-5111
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2015-5111
Probability of exploitation activity in the next 30 days: 1.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-5111
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-5111
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5111
-
http://www.securitytracker.com/id/1032892
Adobe Acrobat/Reader Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Gain Elevated Privileges, Execute Arbitrary Code, and Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75739
Adobe Acrobat and Reader Use-After-Free Multiple Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
https://helpx.adobe.com/security/products/reader/apsb15-15.html
Adobe Security BulletinPatch;Vendor Advisory
Products affected by CVE-2015-5111
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- Adobe » Acrobat Dc » Continuous EditionVersions from including (>=) 15.007.20033 and before (<) 15.008.20082cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- Adobe » Acrobat Dc » Classic EditionVersions from including (>=) 15.006.30033 and before (<) 15.006.30060cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- Adobe » Acrobat Reader Dc » Classic EditionVersions from including (>=) 15.006.30033 and before (<) 15.006.30060cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
- Adobe » Acrobat Reader Dc » Continuous EditionVersions from including (>=) 15.007.20033 and before (<) 15.008.20082cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*