Home

CVE-2016-0947

Description

Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.481

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Adobe Reader 11.0.14 update - All languages (APSB16-02)Windows
Multiple vulnerabilities fixed in Adobe Acrobat 11.0.14 Pro and Standard update - All languages (APSB16-02)Windows
Multiple vulnerabilities fixed in Adobe Reader 11.0.14 update - Multilingual (MUI) installer (APSB16-02)Windows
Multiple vulnerabilities fixed in Adobe Acrobat DC 15.010.20056Windows
Multiple vulnerabilities fixed in Adobe Acrobat DC 15.006.30119Windows
Multiple vulnerabilities affected in Acrobat DC 15.009.20077Windows
Multiple vulnerabilities affected in Acrobat Reader 11.0.9Windows
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC MUI 11.0.13Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-303115Adobe Reader 11.0.14 update - All languages (APSB16-02)
PATCH-303114Adobe Acrobat 11.0.14 Pro and Standard update - All languages (APSB16-02)
PATCH-303121Adobe Reader 11.0.14 update - Multilingual (MUI) installer (APSB16-02)
PATCH-343120Adobe Acrobat Reader DC (24.004.20272)
PATCH-315460Adobe Acrobat DC Pro and Standard (Classic Track) update - All languages (15.006.30527) (APSB20-48)
PATCH-343119Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-315465Adobe Acrobat Reader MUI DC (Classic Track) update - All languages (15.006.30527) (APSB20-48)
PATCH-343122Adobe Acrobat Reader DC MUI (24.004.20272)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234