CVE-2016-4106

{"id": "CVE-2016-4106", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-05-11T11:00:59.387", "references": [{"url": "http://www.securityfocus.com/bid/90513", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.securitytracker.com/id/1035828", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/90513", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1035828", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en Adobe Reader y Acrobat en versiones anteriores a 11.0.16, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30172 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.016.20039 sobre Windows y OS X permite a usuarios locales obtener privilegios a trav\u00e9s de un recurso troyano en un directorio no especificado, una vulnerabilidad diferente a CVE-2016-1087 y CVE-2016-1090."}], "lastModified": "2024-11-21T02:51:22.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A70458C-0416-49BD-A371-1CFA85DC6A13", "versionEndIncluding": "11.0.15"}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "vulnerable": true, "matchCriteriaId": "E91D5928-1453-4359-9F35-46D9A3A9CD91", "versionEndIncluding": "15.006.30121"}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "vulnerable": true, "matchCriteriaId": "504D35C5-04CB-4FBD-B9FD-4CBA71A5EC1A", "versionEndIncluding": "15.010.20060"}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "vulnerable": true, "matchCriteriaId": "A63411C3-E8AE-415D-B1B6-1EA6AA20494A", "versionEndIncluding": "15.006.30121"}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "vulnerable": true, "matchCriteriaId": "B33BAE59-1F77-4F21-A5C0-B5D9D1D67F1E", "versionEndIncluding": "15.010.20060"}, {"criteria": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C60A67-A7DE-4B57-BC2B-28D9B546DA3B", "versionEndIncluding": "11.0.15"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/426.html\">CWE-426: Untrusted Search Path</a>", "sourceIdentifier": "psirt@adobe.com"}