Adobe Reader and Acrobat JavaScript API Execution Bypass Vulnerability
CVE-2015-3071

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat Reader; Mac Os X; Windows
Vendor: CVE Published:; 13 May 2015

Summary

This vulnerability in Adobe Reader and Acrobat allows attackers to bypass restrictions meant to control JavaScript API execution. The flaw exists in versions before 10.1.14 for Adobe Reader 10.x and 11.0.11 for Adobe Reader 11.x on both Windows and OS X platforms. Attackers may exploit this flaw through unspecified vectors, potentially leading to unauthorized actions within the applications.

References

http://www.securityfocus.com/bid/74604

vdb-entryx_refsource_BID

https://helpx.adobe.com/security/products/reader/apsb15-1...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-15-195

x_refsource_MISC

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Apr 9, 2015