Page 100 of 561 results (0.019 seconds)

CVSS: 9.3EPSS: 5%CPEs: 40EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204. Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anterior v8.2.2 en Windows y Mac OS X, permite a atacantes causar una denegación de servicio (caída de aplicación) o ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-0197, CVE-2010-0201, y CVE-2010-0204. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6823 https://access.redhat.com/security/cve/CVE-2010-0194 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 8%CPEs: 40EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors. Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anterior v8.2.2 en Windows y Mac OS X, no maneja adecuadamente fuentes, lo que permite a atacantes ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7420 https://access.redhat.com/security/cve/CVE-2010-0195 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 2%CPEs: 16EXPL: 0

Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. Adobe Reader v8.x y v9.x para Windows puede ejecutar ficheros EXE que estén incrustado en un documento PDF, esto facilita a los atacantes remotos engañar a los usuarios para que ejecuten código de su elección mediante un fichero manipulado. • http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html http://lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html http://www.metasploit.com/redmine/projects/framework/repository/revisions/8379/changes/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb https://exchange.xforce.ibmcloud.com/vulnerabilities/57994 https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 7%CPEs: 20EXPL: 1

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. El desbordamiento de búfer en la región heap de la memoria en el sistema de administración de la pila personalizado en Reader y Acrobat versiones 9.x anteriores a 9.3.2, y versiones 8.x anteriores a 8.2.2 de Adobe en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un documento PDF especialmente diseñado, también se conoce como FG-VD-10-005. • http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li http://www.securityfocus.com/bid/39227 http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 http://www.youtube.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 27%CPEs: 16EXPL: 4

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no específica en Adobe Reader y Acrobat v8.x anteriores a v8.2.1 y v9.x anteriores v9.3.1, permite a atacantes provocar una denegación de servicio (caidas de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados. Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. • https://www.exploit-db.com/exploits/21869 https://www.exploit-db.com/exploits/21868 https://www.exploit-db.com/exploits/16670 https://www.exploit-db.com/exploits/11787 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://securitytracker.com/id?1023601 http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.redhat.com/support/errata/RHSA-2010-0114.html http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •