CVSS: 9.3EPSS: 91%CPEs: 3EXPL: 1CVE-2010-2862 – Acrobat Acrobat - Font Parsing Integer Overflow
https://notcve.org/view.php?id=CVE-2010-2862
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table. Desbordamiento de entero en CoolType.dll de Adobe Reader v8.2.3 y v9.3.3, y Acrobat v9.3.3, permite a atacantes remotos ejecutar código a su elección a través de fuentes TrueType con un valor maxCompositePoints grande en una tabla Maximum Profile (maxp). • https://www.exploit-db.com/exploits/14642 http://secunia.com/advisories/40766 http://securityevaluators.com/files/papers/CrashAnalysis.pdf http://www.us-cert.gov/cas/techalerts/TA10-231A.html http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693 https://access.redhat.com/security/cve/CVE-2010-2862 https://bugzilla.redhat.com/show_bug.cgi?i • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 1%CPEs: 48EXPL: 0CVE-2010-2208 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-2208
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, desreferencia a un objeto del montón después de que este objeto es eliminado, lo cual permite a atacantes ejecutar código arbitrario mediante vectores desconocidos • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41244 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7188 https://access.redhat.com/security/cve/CVE-2010-2208 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 48EXPL: 0CVE-2010-2205 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-2205
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, acceso a memoria no inicializada permite a atacantes ejecutar código arbitrario mediante vectores desconocidos • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7070 https://access.redhat.com/security/cve/CVE-2010-2205 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 48EXPL: 1CVE-2010-2201 – Adobe Acrobat and Reader - 'pushstring' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2201
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168. Adobe Reader y Acrobat versión 9.x anterior a 9.3.3 y versión 8.x anterior a 8.2.3 en Windows y Mac OS X, permiten a los atacantes ejecutar código arbitrario por medio de un archivo PDF con contenido Flash creado que involucra (1) el operador pushstring (0x2C), (2) el operador debugfile (0xF1) y un "invalid pointer vulnerability" que desencadena corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2010-1285 y CVE-2010-2168. • https://www.exploit-db.com/exploits/14982 http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/archive/1/512098 http://www.securityfocus.com/bid/41237 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6854 https://access.redhat.com/security/cve/CVE-2010-2201 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 5%CPEs: 48EXPL: 0CVE-2010-1285 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-1285
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201. Adobe Reader y Acrobat versión 9.x anterior a 9.3.3 y versión 8.x anterior a 8.2.3 en Windows y Mac OS X, permiten a los atacantes ejecutar código arbitrario por medio de manipulaciones no especificadas que involucre el operador newclass (0x58) y una "invalid pointer vulnerability" que desencadena corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2010-2168 y CVE-2010-2201. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/archive/1/512099 http://www.securityfocus.com/bid/41232 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6725 https://access.redhat.com/security/cve/CVE-2010-1285 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •