CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1599
https://notcve.org/view.php?id=CVE-2009-1599
11 May 2009 — Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is act... • http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1600
https://notcve.org/view.php?id=CVE-2009-1600
11 May 2009 — Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file... • http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 91%CPEs: 6EXPL: 3CVE-2009-1492 – Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1492
30 Apr 2009 — The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. El método getAnnots Doc en la API de JavaScript en Adobe Reader y Acrobat v9.1, v8.1.4, v7.1.1 y anteriores permite a atacantes remotos provocar una denegación... • https://www.exploit-db.com/exploits/8569 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 34%CPEs: 99EXPL: 0CVE-2009-0928 – acroread: multiple JBIG2-related security flaws
https://notcve.org/view.php?id=CVE-2009-0928
25 Mar 2009 — Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table. Desbordamiento de búfer basado en montículo en Adobe Acrobat Reader y Acrobat Professional v7.1.0, v8.1.3, v9.0.0 y otras versiones, permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF que contiene una cadena JBI... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 21%CPEs: 3EXPL: 0CVE-2009-1061 – acroread: multiple JBIG2-related security flaws
https://notcve.org/view.php?id=CVE-2009-1061
25 Mar 2009 — Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062. Vulnerabilidad inespecífica en Adobe Acrobat Reader v9 anteriores a v9.1, v8 anteriores a v8.1.4, y v7 anteriores a v7.1.1 permitiría a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos relacionado... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 10%CPEs: 70EXPL: 0CVE-2009-1062 – acroread: multiple JBIG2-related security flaws
https://notcve.org/view.php?id=CVE-2009-1062
25 Mar 2009 — Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4 y versión 7 anterior a 7.1.1 podría permitir a los atacantes remotos desencadenar una corrupción de memoria y posiblemente ejecutar código arbitrario por medio de ve... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 72%CPEs: 3EXPL: 0CVE-2009-0193 – acroread: multiple JBIG2-related security flaws
https://notcve.org/view.php?id=CVE-2009-0193
25 Mar 2009 — Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062. Hay una vulnerabilidad en el desbordamiento del búfer en la región heap de la memoria en el programa de Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4, y versión 7 anterior a 7.1.1, permite a los atacantes ... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 5CVE-2009-0927 – Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0927
19 Mar 2009 — Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. Vulnerabilidad no especificada en Adobe Reader y Adobe Acrobat v9.1 y v7.1.1 permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos, en relación con un método JavaScript y validación de entrada, una vulne... • https://www.exploit-db.com/exploits/9579 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 97%CPEs: 6EXPL: 4CVE-2009-0658 – Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0658
20 Feb 2009 — Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. Un desbordamiento del búfer en Adobe Reader versión 9.0 y anteriores, y Acrobat versión 9.0 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un documento PDF creado, rela... • https://www.exploit-db.com/exploits/8099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-5364
https://notcve.org/view.php?id=CVE-2008-5364
08 Dec 2008 — Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817. Desbordamiento de búfer basado en pila en el control ActiveX getPlus en gp.ocx v1.2.2.50 en NOS Microsystems getPlus Download Manager, como el usado por el proceso de instalación de Adobe Reader v8.1 ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •