JavaScript API Execution Bypass in Adobe Reader and Acrobat on Windows and OS X
CVE-2015-3068

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat; Mac Os X; Windows
Vendor: CVE Published:; 13 May 2015

What is CVE-2015-3068?

The vulnerability enables attackers to circumvent intended restrictions on JavaScript API execution within Adobe Reader and Acrobat applications. This flaw affects versions of both products prior to specified updates, potentially allowing malicious actors to execute arbitrary JavaScript code in a trusted context, which could lead to further exploits.

References

http://www.securityfocus.com/bid/74604

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-15-202

x_refsource_MISC

https://helpx.adobe.com/security/products/reader/apsb15-1...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Apr 9, 2015