| CVE ID | CVE-2015-5090 |
| CVSS SCORE | 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Adobe |
| AFFECTED PRODUCTS |
Reader |
| VULNERABILITY DETAILS |
The specific flaw exists within the ARMSvc service. An attacker can force the service to overwrite the Adobe updater with any file signed by Adobe. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
|
| ADDITIONAL DETAILS |
Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/reader/apsb15-15.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | AbdulAziz Hariri and Jasiel Spelman - HP Zero Day Initiative |
