JavaScript API Execution Bypass in Adobe Reader and Acrobat
CVE-2015-3061

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat Reader; Mac Os X; Windows
Vendor: CVE Published:; 13 May 2015

Summary

Adobe Reader and Acrobat versions prior to 10.1.14 and 11.0.11 contain a vulnerability that permits attackers to circumvent established restrictions on JavaScript API execution. This could potentially allow unauthorized actions to be carried out through the exploited JavaScript capabilities within the affected applications. The vulnerability arises from unspecified vectors, making it necessary for users to ensure they are using updated, secure versions of these products.

References

http://www.securityfocus.com/bid/74604

vdb-entryx_refsource_BID

https://helpx.adobe.com/security/products/reader/apsb15-1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032284

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Apr 9, 2015