6.8
CVE-2015-6688
- EPSS 2.43%
- Veröffentlicht 14.10.2015 23:59:09
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Dc SwEditionclassic Version >= 15.006.30060 < 15.006.30094
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 < 15.009.20069
Adobe ≫ Acrobat Reader Version >= 10.0 <= 10.1.15
Adobe ≫ Acrobat Reader Version >= 11.0.0 <= 11.0.12
Adobe ≫ Acrobat Reader Dc SwEditionclassic Version >= 15.006.30060 < 15.006.30094
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.43% | 0.837 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.