CVE-2016-4204

CRITICAL

Adobe Reader and Acrobat <11.0.17 <15.006.30198 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4204. PoCs published by COSIG.

AI-analyzed exploit summary This is a vulnerability writeup for CVE-2016-4204, detailing a remote code execution flaw in Adobe Acrobat Reader DC via a crafted PDF with an invalid TTF font. The PoC is referenced externally but not included in the provided text.

Description

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Exploits (1)

exploitdb WRITEUP VERIFIED

by COSIG · textdosmultiple

https://www.exploit-db.com/exploits/40096

View Code ZIP pw:eip

This is a vulnerability writeup for CVE-2016-4204, detailing a remote code execution flaw in Adobe Acrobat Reader DC via a crafted PDF with an invalid TTF font. The PoC is referenced externally but not included in the provided text.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Acrobat Reader DC 15.016.20045 and earlier

No auth needed

Prerequisites: User interaction to open a malicious PDF file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91716

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036281

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/acrobat/apsb16-26.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40096/

Scores

CVSS v3 9.8

EPSS 0.1781

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (6)

adobe/acrobat < 11.0.16

adobe/acrobat_dc < 15.006.30174

adobe/acrobat_dc < 15.016.20045

adobe/acrobat_reader_dc < 15.006.30174

adobe/acrobat_reader_dc < 15.016.20045

adobe/reader < 11.0.16

Published Jul 13, 2016

Tracked Since Feb 18, 2026