JavaScript API Execution Bypass in Adobe Reader and Acrobat on Windows and OS X
CVE-2015-3062

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat Reader; Mac Os X; Windows
Vendor: CVE Published:; 13 May 2015

Summary

The vulnerability allows an attacker to circumvent intended restrictions on JavaScript API execution in Adobe Reader and Acrobat. This can lead to unauthorized action being taken by malicious scripts, potentially compromising the integrity and confidentiality of user data. The flaw affects specific versions of the software on both Windows and OS X platforms, making it crucial for users to upgrade to the latest versions where the issue has been remediated.

References

http://www.securityfocus.com/bid/74604

vdb-entryx_refsource_BID

https://helpx.adobe.com/security/products/reader/apsb15-1...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-15-207

x_refsource_MISC

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Apr 9, 2015