Vulnerability-Lookup

CVE-2015-6688 (GCVE-0-2015-6688)

Vulnerability from cvelistv5 – Published: 2015-10-14 23:00 – Updated: 2024-08-06 07:29

Summary

Severity

No CVSS data available.

CWE

Assigner

adobe

References

3 references

URL	Tags
https://helpx.adobe.com/security/products/acrobat…	x_refsource_CONFIRM
http://www.securitytracker.com/id/1033796	vdb-entryx_refsource_SECTRACK
http://www.zerodayinitiative.com/advisories/ZDI-15-469	x_refsource_MISC

Date Public

2015-10-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
          },
          {
            "name": "1033796",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
        },
        {
          "name": "1033796",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2015-6688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
            },
            {
              "name": "1033796",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033796"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-469",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2015-6688",
    "datePublished": "2015-10-14T23:00:00.000Z",
    "dateReserved": "2015-08-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:29:24.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-6688",
      "date": "2026-06-30",
      "epss": "0.05995",
      "percentile": "0.92414"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6688\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2015-10-14T23:59:09.987\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto Optional Content Groups (OCG) manipulado en una acci\u00f3n de documento WillSave, una vulnerabilidad diferente a CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617 y CVE-2015-7621.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndIncluding\":\"10.1.15\",\"matchCriteriaId\":\"51326A26-C718-4D3A-B43B-00D32D0AF530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.0.12\",\"matchCriteriaId\":\"B79BB301-C637-441A-AB91-DF59FE90C4F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*\",\"versionStartIncluding\":\"15.006.30060\",\"versionEndExcluding\":\"15.006.30094\",\"matchCriteriaId\":\"8A0D144B-74E2-44FF-9910-47092166D809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*\",\"versionStartIncluding\":\"15.008.20082\",\"versionEndExcluding\":\"15.009.20069\",\"matchCriteriaId\":\"40FAFBDF-582F-47A3-846E-C9404B035DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndIncluding\":\"10.1.15\",\"matchCriteriaId\":\"A7815802-4A3C-486D-9DEA-9B016E6BC7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.0.12\",\"matchCriteriaId\":\"E461CC16-7FDB-4A0A-96BF-315485266832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*\",\"versionStartIncluding\":\"15.006.30060\",\"versionEndExcluding\":\"15.006.30094\",\"matchCriteriaId\":\"782E2B5E-1BDF-42ED-9B41-C58EFB0E6231\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*\",\"versionStartIncluding\":\"15.008.20082\",\"versionEndExcluding\":\"15.009.20069\",\"matchCriteriaId\":\"AFDEB9E8-1AF3-4510-A2CB-AA2ED9AA1D30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1033796\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-15-469\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb15-24.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-15-469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb15-24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

BDU:2015-11721

Vulnerability from fstec - Published: 15.10.2015

Title

Уязвимость программ редактирования PDF-файлов Adobe Acrobat и Adobe Acrobat Document Cloud и просмотра PDF-файлов Adobe Reader и Adobe Reader Document Cloud, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость программ редактирования PDF-файлов Adobe Acrobat и Adobe Acrobat Document Cloud и просмотра PDF-файлов Adobe Reader и Adobe Reader Document Cloud связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированного OCG-объекта

Severity

Vendor

Adobe Systems Inc.

Software Name

Adobe Reader Document Cloud, Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud

Software Version

до 2015.006.30094 Classic (Adobe Reader Document Cloud), до 2015.009.20069 Continuous (Adobe Reader Document Cloud), от 10.0 до 10.1.16 (Adobe Reader), от 11.0 до 11.0.13 (Adobe Reader), от 10.0 до 10.1.16 (Adobe Acrobat), от 11.0 до 11.0.13 (Adobe Acrobat), до 2015.006.30094 Classic (Adobe Acrobat Document Cloud), до 2015.009.20069 Continuous (Adobe Acrobat Document Cloud)

Possible Mitigations

Использование рекомендаций производителя: https://helpx.adobe.com/security/products/acrobat/apsb15-24.html

Reference

https://helpx.adobe.com/security/products/acrobat/apsb15-24.html http://www.zerodayinitiative.com/advisories/ZDI-15-469

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Adobe Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2015.006.30094 Classic (Adobe Reader Document Cloud), \u0434\u043e 2015.009.20069 Continuous (Adobe Reader Document Cloud), \u043e\u0442 10.0 \u0434\u043e 10.1.16 (Adobe Reader), \u043e\u0442 11.0 \u0434\u043e 11.0.13 (Adobe Reader), \u043e\u0442 10.0 \u0434\u043e 10.1.16 (Adobe Acrobat), \u043e\u0442 11.0 \u0434\u043e 11.0.13 (Adobe Acrobat), \u0434\u043e 2015.006.30094 Classic (Adobe Acrobat Document Cloud), \u0434\u043e 2015.009.20069 Continuous (Adobe Acrobat Document Cloud)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://helpx.adobe.com/security/products/acrobat/apsb15-24.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.10.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.10.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-11721",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-6688",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Adobe Reader Document Cloud, Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Acrobat \u0438 Adobe Acrobat Document Cloud \u0438 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Reader \u0438 Adobe Reader Document Cloud, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Acrobat \u0438 Adobe Acrobat Document Cloud \u0438 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Reader \u0438 Adobe Reader Document Cloud \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e OCG-\u043e\u0431\u044a\u0435\u043a\u0442\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-15-469",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}

CERTFR-2015-AVI-427

Vulnerability from certfr_avis - Published: 2015-10-14 - Updated: 2015-10-14

De multiples vulnérabilités ont été corrigées dans Adobe Acrobat Reader. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat Reader	Acrobat DC (Classic) jusqu'à la version 2015.006.30060
Adobe	Acrobat Reader	Acrobat Reader DC (Classic) jusqu'à la version 2015.006.30060
Adobe	Acrobat Reader	Acrobat X jusqu'à la version 10.1.15
Adobe	Acrobat Reader	Acrobat DC (Continuous) jusqu'à la version 2015.008.20082
Adobe	Acrobat Reader	Acrobat XI jusqu'à la version 11.0.12
Adobe	Acrobat Reader	Reader XI jusqu'à la version 11.0.12
Adobe	Acrobat Reader	Reader X jusqu'à la version 10.1.15
Adobe	Acrobat Reader	Acrobat Reader DC (Continuous) jusqu'à la version 2015.008.20082

References

Title

Publication Time

CNVD-2015-06695

Vulnerability from cnvd - Published: 2015-10-20

Title

Adobe Acrobat/Reader内存错误引用漏洞（CNVD-2015-06695）

Description

Adobe Reader/Acrobat是一款流行的处理PDF文件的应用程序。 Adobe Reader/Acrobat存在内存错误引用漏洞。允许攻击者构建恶意PDF文件，诱使用户解析，可使应用程序崩溃或执行任意的代码。

Severity

高

Patch Name

Adobe Acrobat/Reader内存错误引用漏洞（CNVD-2015-06695）的补丁

Patch Description

Adobe Reader/Acrobat是一款流行的处理PDF文件的应用程序。Adobe Reader/Acrobat存在内存错误引用漏洞。允许攻击者构建恶意PDF文件，诱使用户解析，可使应用程序崩溃或执行任意的代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://helpx.adobe.com/content/help/en/security/products/acrobat/apsb15-24.html

Reference

https://helpx.adobe.com/content/help/en/security/products/acrobat/apsb15-24.html

Impacted products

Name
['Adobe Reader/Acrobat 10.x(<10.1.16)', 'Adobe Reader/Acrobat 11.x(<11.0.13)', 'Adobe Acrobat/Acrobat Reader DC Classic <2015.006.30094', 'Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) <2015.009.20069']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6688"
    }
  },
  "description": "Adobe Reader/Acrobat\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5904\u7406PDF\u6587\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nAdobe Reader/Acrobat\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fPDF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u3002",
  "discovererName": "AbdulAziz Hariri of HP Zero Day Initiative",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://helpx.adobe.com/content/help/en/security/products/acrobat/apsb15-24.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06695",
  "openTime": "2015-10-20",
  "patchDescription": "Adobe Reader/Acrobat\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5904\u7406PDF\u6587\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002Adobe Reader/Acrobat\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fPDF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Acrobat/Reader\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2015-06695\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Reader/Acrobat 10.x(\u003c10.1.16)",
      "Adobe Reader/Acrobat 11.x(\u003c11.0.13)",
      "Adobe Acrobat/Acrobat Reader DC Classic \u003c2015.006.30094",
      "Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) \u003c2015.009.20069"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/content/help/en/security/products/acrobat/apsb15-24.html",
  "serverity": "\u9ad8",
  "submitTime": "2015-10-15",
  "title": "Adobe Acrobat/Reader\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2015-06695\uff09"
}

FKIE_CVE-2015-6688

Vulnerability from fkie_nvd - Published: 2015-10-14 23:59 - Updated: 2026-06-17 00:31

Severity

Summary

References

URL	Tags
psirt@adobe.com	http://www.securitytracker.com/id/1033796	Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.zerodayinitiative.com/advisories/ZDI-15-469	Third Party Advisory, VDB Entry
psirt@adobe.com	https://helpx.adobe.com/security/products/acrobat/apsb15-24.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033796	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-15-469	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/acrobat/apsb15-24.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	acrobat	*
adobe	acrobat	*
adobe	acrobat_dc	*
adobe	acrobat_dc	*
adobe	acrobat_reader	*
adobe	acrobat_reader	*
adobe	acrobat_reader_dc	*
adobe	acrobat_reader_dc	*
apple	macos	-
microsoft	windows	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "psirt@adobe.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51326A26-C718-4D3A-B43B-00D32D0AF530",
              "versionEndIncluding": "10.1.15",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79BB301-C637-441A-AB91-DF59FE90C4F7",
              "versionEndIncluding": "11.0.12",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "8A0D144B-74E2-44FF-9910-47092166D809",
              "versionEndExcluding": "15.006.30094",
              "versionStartIncluding": "15.006.30060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "40FAFBDF-582F-47A3-846E-C9404B035DFD",
              "versionEndExcluding": "15.009.20069",
              "versionStartIncluding": "15.008.20082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7815802-4A3C-486D-9DEA-9B016E6BC7F5",
              "versionEndIncluding": "10.1.15",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E461CC16-7FDB-4A0A-96BF-315485266832",
              "versionEndIncluding": "11.0.12",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "782E2B5E-1BDF-42ED-9B41-C58EFB0E6231",
              "versionEndExcluding": "15.006.30094",
              "versionStartIncluding": "15.006.30060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "AFDEB9E8-1AF3-4510-A2CB-AA2ED9AA1D30",
              "versionEndExcluding": "15.009.20069",
              "versionStartIncluding": "15.008.20082",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto Optional Content Groups (OCG) manipulado en una acci\u00f3n de documento WillSave, una vulnerabilidad diferente a CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617 y CVE-2015-7621."
    }
  ],
  "id": "CVE-2015-6688",
  "lastModified": "2026-06-17T00:31:15.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-14T23:59:09.987",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033796"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C77H-2F4C-X8Q8

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-14T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.",
  "id": "GHSA-c77h-2f4c-x8q8",
  "modified": "2022-05-13T01:06:42Z",
  "published": "2022-05-13T01:06:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6688"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033796"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-6688

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6688

Aliases

CVE-2015-6688

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6688",
    "description": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.",
    "id": "GSD-2015-6688",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-6688.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6688"
      ],
      "details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.",
      "id": "GSD-2015-6688",
      "modified": "2023-12-13T01:20:04.828726Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2015-6688",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
          },
          {
            "name": "1033796",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033796"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-469",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.15",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.0.12",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.006.30094",
                    "versionStartIncluding": "15.006.30060",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.009.20069",
                    "versionStartIncluding": "15.008.20082",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.15",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.0.12",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.006.30094",
                    "versionStartIncluding": "15.006.30060",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.009.20069",
                    "versionStartIncluding": "15.008.20082",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2015-6688"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-469",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-469"
            },
            {
              "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
            },
            {
              "name": "1033796",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1033796"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-09-08T17:19Z",
      "publishedDate": "2015-10-14T23:59Z"
    }
  }
}

VAR-201510-0359

Vulnerability from variot - Updated: 2025-04-13 23:03

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621. This vulnerability CVE-2015-5586 , CVE-2015-6683 , CVE-2015-6684 , CVE-2015-6687 , CVE-2015-6689 , CVE-2015-6690 , CVE-2015-6691 , CVE-2015-7615 , CVE-2015-7617 ,and CVE-2015-7621 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlBy the attacker, WillSave document Cleverly crafted in action Optional Content Groups (OCG) Arbitrary code may be executed through the object. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OCG objects within the WillSave document action. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0359",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "acrobat reader dc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.008.20082"
      },
      {
        "model": "acrobat dc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.008.20082"
      },
      {
        "model": "acrobat dc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30060"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.009.20069"
      },
      {
        "model": "acrobat dc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30094"
      },
      {
        "model": "acrobat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "10.0"
      },
      {
        "model": "acrobat reader",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "10.1.15"
      },
      {
        "model": "acrobat reader",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "10.0"
      },
      {
        "model": "acrobat reader",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.12"
      },
      {
        "model": "acrobat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "10.1.15"
      },
      {
        "model": "acrobat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.12"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30094"
      },
      {
        "model": "acrobat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.0"
      },
      {
        "model": "acrobat dc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.009.20069"
      },
      {
        "model": "acrobat reader",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.0.0"
      },
      {
        "model": "acrobat reader dc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "15.006.30060"
      },
      {
        "model": "acrobat dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "(windows/macintosh)"
      },
      {
        "model": "acrobat reader dc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "(windows/macintosh)"
      },
      {
        "model": "acrobat reader dc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "classic 2015.006.30094"
      },
      {
        "model": "acrobat",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "11.x (windows/macintosh)"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "xi desktop 11.0.13"
      },
      {
        "model": "reader",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "11.x (windows/macintosh)"
      },
      {
        "model": "acrobat dc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "continuous 2015.009.20069"
      },
      {
        "model": "acrobat",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "10.x (windows/macintosh)"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "xi desktop 11.0.13"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "x desktop 10.1.16"
      },
      {
        "model": "acrobat dc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "classic 2015.006.30094"
      },
      {
        "model": "reader",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "10.x (windows/macintosh)"
      },
      {
        "model": "acrobat reader dc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "continuous 2015.009.20069"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "x desktop 10.1.16"
      },
      {
        "model": "acrobat pro dc",
        "scope": null,
        "trust": 0.7,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.6"
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.5"
      },
      {
        "model": "acrobat reader dc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2015.006.30060"
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.2"
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.1"
      },
      {
        "model": "acrobat reader dc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2015.008.20082"
      },
      {
        "model": "acrobat dc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2015.006.30060"
      },
      {
        "model": "acrobat dc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2015.008.20082"
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.0"
      },
      {
        "model": "acrobat reader",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.3"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.3"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.2"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.1"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.3"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.2"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.1"
      },
      {
        "model": "reader",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.3"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.2"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1.1"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.1"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.3"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.2"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0.1"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "BID",
        "id": "77064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_dc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_reader_dc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:adobe:acrobat_reader",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AbdulAziz Hariri - HP Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2015-6688",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-6688",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.7,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-6688",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-84649",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6688",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6688",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2015-6688",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-201",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84649",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621. This vulnerability CVE-2015-5586 , CVE-2015-6683 , CVE-2015-6684 , CVE-2015-6687 , CVE-2015-6689 , CVE-2015-6690 , CVE-2015-6691 , CVE-2015-7615 , CVE-2015-7617 ,and CVE-2015-7621 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlBy the attacker, WillSave document Cleverly crafted in action Optional Content Groups (OCG) Arbitrary code may be executed through the object. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OCG objects within the WillSave document action. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities. Failed exploit  attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "BID",
        "id": "77064"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6688",
        "trust": 3.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-469",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1033796",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2997",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-508",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-470",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-493",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-474",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-492",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "77064",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "db": "BID",
        "id": "77064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "id": "VAR-201510-0359",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:03:46.764000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB15-24",
        "trust": 1.5,
        "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
      },
      {
        "title": "APSB15-24",
        "trust": 0.8,
        "url": "https://helpx.adobe.com/jp/security/products/reader/apsb15-24.html"
      },
      {
        "title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
        "trust": 0.8,
        "url": "http://www.fmworld.net/biz/common/adobe/20151015.html"
      },
      {
        "title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58050"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-469"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1033796"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6688"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20151014-adobereader.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2015/at150035.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6688"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17022"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-469/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-470/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-474/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-492/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-493/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-508/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "db": "BID",
        "id": "77064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "db": "BID",
        "id": "77064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "date": "2015-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "BID",
        "id": "77064"
      },
      {
        "date": "2015-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "date": "2015-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "date": "2015-10-14T23:59:09.987000",
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-469"
      },
      {
        "date": "2020-05-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84649"
      },
      {
        "date": "2015-10-26T17:00:00",
        "db": "BID",
        "id": "77064"
      },
      {
        "date": "2015-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-6688"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows and  Mac OS X Run on  Adobe Reader and  Acrobat Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005245"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-201"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6688 (GCVE-0-2015-6688)

BDU:2015-11721

CERTFR-2015-AVI-427

Solution

CNVD-2015-06695

FKIE_CVE-2015-6688

GHSA-C77H-2F4C-X8Q8

GSD-2015-6688

VAR-201510-0359

Tags

Sightings

Nomenclature