JavaScript API Execution Vulnerability in Adobe Reader and Acrobat
CVE-2015-3074

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat; Mac Os X; Windows
Vendor: CVE Published:; 13 May 2015

Summary

Adobe Reader and Acrobat versions prior to 10.1.14 for 10.x and prior to 11.0.11 for 11.x on both Windows and OS X contain a vulnerability that allows attackers to bypass the intended restrictions on JavaScript API execution. This flaw can be exploited through unspecified vectors, potentially enabling unauthorized actions in environments that utilize these applications for viewing or handling PDF documents.

References

http://www.securityfocus.com/bid/74604

vdb-entryx_refsource_BID

https://helpx.adobe.com/security/products/reader/apsb15-1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032284

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Apr 9, 2015