Vulnerabilities > CVE-2016-1090 - Unspecified vulnerability in Adobe products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
adobe
nessus

Summary

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-4106.

Vulnerable Configurations

Part Description Count
OS
Apple
1
OS
Microsoft
1
Application
Adobe
247

Nessus

  • NASL familyWindows
    NASL idADOBE_READER_APSB16-14.NASL
    descriptionThe version of Adobe Reader installed on the remote Windows host is prior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-4091, CVE-2016-4092) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119) - An integer overflow vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2016-1043) - Multiple memory leak issues exist that allow an attacker to have an unspecified impact. (CVE-2016-1079, CVE-2016-1092) - An unspecified flaw exists that allows an attacker to disclose sensitive information. (CVE-2016-1112) - Multiple vulnerabilities exist that allow an attacker to bypass restrictions on JavaScript API execution. (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117) - Multiple flaws exist when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91097
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91097
    titleAdobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_ACROBAT_APSB16-14.NASL
    descriptionThe version of Adobe Acrobat installed on the remote Mac OS X host is prior to 11.0.16 / 15.006.30172 / 15.016.20039. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-4091, CVE-2016-4092) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119) - An integer overflow vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2016-1043) - Multiple memory leak issues exist that allow an attacker to have an unspecified impact. (CVE-2016-1079, CVE-2016-1092) - An unspecified flaw exists that allows an attacker to disclose sensitive information. (CVE-2016-1112) - Multiple vulnerabilities exist that allow an attacker to bypass restrictions on JavaScript API execution. (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117) - Multiple flaws exist when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91098
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91098
    titleAdobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_READER_APSB16-14.NASL
    descriptionThe version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-4091, CVE-2016-4092) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119) - An integer overflow vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2016-1043) - Multiple memory leak issues exist that allow an attacker to have an unspecified impact. (CVE-2016-1079, CVE-2016-1092) - An unspecified flaw exists that allows an attacker to disclose sensitive information. (CVE-2016-1112) - Multiple vulnerabilities exist that allow an attacker to bypass restrictions on JavaScript API execution. (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117) - Multiple flaws exist when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91099
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91099
    titleAdobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)
  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSB16-14.NASL
    descriptionThe version of Adobe Acrobat installed on the remote Windows host is prior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-4091, CVE-2016-4092) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119) - An integer overflow vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2016-1043) - Multiple memory leak issues exist that allow an attacker to have an unspecified impact. (CVE-2016-1079, CVE-2016-1092) - An unspecified flaw exists that allows an attacker to disclose sensitive information. (CVE-2016-1112) - Multiple vulnerabilities exist that allow an attacker to bypass restrictions on JavaScript API execution. (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117) - Multiple flaws exist when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91096
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91096
    titleAdobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)