Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Critical Adobe Updates - March 2016 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical Adobe Updates - March 2016

Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system".

According to Adobe, there are three CVE's fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution.   CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution.

Both of these sound serious enough to warrant updating as soon as reasonable.

Further information can be found at:


-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - - Twitter:namedeplume (Protected)


324 Posts
ISC Handler
Mar 8th 2016
Patch released for Flash also. One day late maybe?
Paul Szabo

14 Posts
Looks like the Flash player updates were released today (Thursday 2016-03-10).…

436 Posts
ISC Handler
To possibly help anyone deploying the Reader 11 security patch and writing detection logic for it - the acrord32.exe file doesn't seem to be touched, and is still 11.0.14 from December. Acrord32.dll, however, is updated to 11.0.15, as well as some other files.

27 Posts
Adobe just released Flash

13 Posts

Sign Up for Free or Log In to start participating in the conversation!