CVE-2016-1040

Description

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.271

Associated Vulnerability

Vulnerability	OS Platform
Update for Google Chrome (51.0.2704.63)	Windows
Update for Google Chrome x64 (51.0.2704.63)	Windows
Update Adobe Reader 11.0.15 to latest version	Windows
Multiple vulnerabilities affected in Acrobat DC 15.010.20060	Windows
Multiple Vulnerabilities are affected in Adobe Acrobat DC for MAC 15.006.30121	Mac
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC for MAC 15.010.20060	Mac
Update for Google Chrome (51.0.2704.63) (For Ubuntu)	Linux
Update for Google Chrome (51.0.2704.63) (For Debian)	Linux
Update for Google Chrome (51.0.2704.63) (For Centos)	Linux
Update for Google Chrome (51.0.2704.63) (For RedHat)	Linux
Update for Google Chrome (51.0.2704.63) (For Suse)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-303496	Update for Google Chrome (51.0.2704.63)
PATCH-303497	Update for Google Chrome x64 (51.0.2704.63)
PATCH-306675	Adobe Reader 11.0.23 update - All languages (APSB17-36)
PATCH-343119	Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-611991	Adobe Acrobat DC for MAC (25.001.20693)(Deployment-Only)
PATCH-611989	Adobe Acrobat Reader DC for MAC (25.001.20693)(Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234