8.4

CVE-2016-1008

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Data is provided by the National Vulnerability Database (NVD)
AdobeAcrobat Version <= 11.0.14
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditionclassic Version <= 15.006.30119
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Dc SwEditioncontinuous Version <= 15.010.20059
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version <= 11.0.14
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc SwEditioncontinuous Version <= 15.010.20059
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Dc Version15.006.30119 SwEditionclassic
   ApplemacOS X
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.261
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.4 2.5 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.