Vulnerability Details : CVE-2016-0947
Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.
Products affected by CVE-2016-0947
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0947
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0947
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2016-0947
-
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1034646
Adobe Acrobat/Reader Multiple Flaws Let Remote Users Execute Arbitrary Code and Bypass Security Restrictions - SecurityTrackerThird Party Advisory;VDB Entry
Jump to