Vulnerability Details : CVE-2016-1111
Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2016-1111
Probability of exploitation activity in the next 30 days: 4.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-1111
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2016-1111
-
http://www.zerodayinitiative.com/advisories/ZDI-16-273/
ZDI-16-273 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
Adobe Security BulletinVendor Advisory
Products affected by CVE-2016-1111
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*