2018-07-09 21:29:03 2019-10-03 02:03:26

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (ID 74)

Related CAPEC 38

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
XML Injection (CAPEC-ID 250)
Leverage Alternate Encoding (CAPEC-ID 267)
HTTP Response Smuggling (CAPEC-ID 273)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
HTTP Response Splitting (CAPEC-ID 34)
Manipulating Writeable Terminal Devices (CAPEC-ID 40)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Poison Web Service Registry (CAPEC-ID 51)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
XPath Injection (CAPEC-ID 83)
XQuery Injection (CAPEC-ID 84)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)