CVE-2015-4451 - OpenCVE

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat Acrobat Dc Acrobat Reader Acrobat Reader Dc
Apple	Macos
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/75737
http://www.securitytracker.com/id/1032892
https://helpx.adobe.com/security/products/reader/apsb15-15.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2015-07-15T14:00:00

Updated: 2024-08-06T06:18:11.058Z

Reserved: 2015-06-08T00:00:00

Link: CVE-2015-4451

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-07-15T14:59:14.423

Modified: 2021-09-08T17:19:27.117

Link: CVE-2015-4451

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-21T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "1032892", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032892"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"}, {"name": "75737", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75737"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-4451", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032892", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032892"}, {"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"}, {"name": "75737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75737"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.058Z"}, "title": "CVE Program Container", "references": [{"name": "1032892", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032892"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"}, {"name": "75737", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75737"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-4451", "datePublished": "2015-07-15T14:00:00", "dateReserved": "2015-06-08T00:00:00", "dateUpdated": "2024-08-06T06:18:11.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2476537-AFF5-423A-92A7-53A05459DFA6", "versionEndIncluding": "10.1.14", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A223BA4-D7D0-4D97-86CF-C695B687E2F3", "versionEndIncluding": "11.0.11", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "D6622F20-8DE4-4284-BA45-1FBC41A3E06F", "versionEndExcluding": "15.006.30060", "versionStartIncluding": "15.006.30033", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "5C9A8A87-4113-4FCC-9913-27572D7C7580", "versionEndExcluding": "15.008.20082", "versionStartIncluding": "15.007.20033", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E03A1A-613F-4B54-B9BA-B2C8CAFA3037", "versionEndIncluding": "10.1.14", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D83A4-4029-4C39-B1D4-E38BE5B4BED9", "versionEndIncluding": "11.0.11", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "76471725-ED80-45B5-B8A5-85F47FEA4E18", "versionEndExcluding": "15.006.30060", "versionStartIncluding": "15.006.30033", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "DDE9EB8A-407F-4707-8AF0-E957DDE76D10", "versionEndExcluding": "15.008.20082", "versionStartIncluding": "15.007.20033", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086."}, {"lang": "es", "value": "Adobe Reader y Acrobat 10.x anterior a 10.1.15 y 11.x anterior a 11.0.12, Acrobat y Acrobat Reader DC Classic anterior a 2015.006.30060 y Acrobat y Acrobat Reader DC Continuous anterior a 2015.008.20082 en Windows y OS X permite a atacantes eludir las restricciones de ejecuci\u00f3n de JavaScript API a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, y CVE-2015-5086."}], "id": "CVE-2015-4451", "lastModified": "2021-09-08T17:19:27.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-15T14:59:14.423", "references": [{"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75737"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032892"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}