CVE-2015-6702

The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6703, and CVE-2015-6704.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://helpx.adobe.com/security/products/acrobat/apsb15-24.html	Patch Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-480	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033796	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Information

Published : 2015-10-14 16:59

Updated : 2021-09-08 10:19

NVD link : CVE-2015-6702

Mitre link : CVE-2015-6702

JSON object : View

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

Advertisement

Products Affected

microsoft

windows

adobe

acrobat
acrobat_reader_dc
acrobat_reader
acrobat_dc

apple

macos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-480", "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-480", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1033796", "name": "1033796", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6703, and CVE-2015-6704."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-772"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-6702", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2015-10-14T23:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.1.15", "versionStartIncluding": "10.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.0.12", "versionStartIncluding": "11.0.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.006.30094", "versionStartIncluding": "15.006.30060"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.009.20069", "versionStartIncluding": "15.008.20082"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.1.15", "versionStartIncluding": "10.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.0.12", "versionStartIncluding": "11.0.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.006.30094", "versionStartIncluding": "15.006.30060"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.009.20069", "versionStartIncluding": "15.008.20082"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-09-08T17:19Z"}