CVSS: 9.3EPSS: 33%CPEs: 8EXPL: 0CVE-2008-4814 – Reader: arbitrary code execution via unspecified JavaScript method
https://notcve.org/view.php?id=CVE-2008-4814
05 Nov 2008 — Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." Vulnerabilidad no especificada en un método JavaScript en Adobe Reader y Acrobat 8.1.2 y anteriores permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Esté relacionado con un "tema de validación de entrada". • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2008-4815 – Reader: insecure RPATH flaw
https://notcve.org/view.php?id=CVE-2008-4815
05 Nov 2008 — Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-4816
https://notcve.org/view.php?id=CVE-2008-4816
05 Nov 2008 — Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. Vulnerabilidad no especificada en el Gestor de Descargas de Adobe Reader v8.1.2 y anteriores en Windows; permite a atacantes remotos modificar las opciones de Seguridad de Internet en una máquina cliente a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html •
CVSS: 9.3EPSS: 32%CPEs: 8EXPL: 0CVE-2008-4812 – Reader: embedded font handling out-of-bounds array indexing
https://notcve.org/view.php?id=CVE-2008-4812
05 Nov 2008 — Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. Error de índice de array en Adobe Reader y Acrobat, y la extensión de Explorer (también conocida como AcroRd32Info), v8.1.2, v8.1.1 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipul... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 33%CPEs: 9EXPL: 0CVE-2008-4817 – Reader: Download Manager input validation flaw
https://notcve.org/view.php?id=CVE-2008-4817
05 Nov 2008 — The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. El Gestor de Descargas (Download Manager) de Adobe Acrobat Professional y Reader v8.1.2 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que llama a una función AcroJS con un argumento de cadena larga pro... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 93%CPEs: 64EXPL: 5CVE-2008-2992 – Adobe Reader and Acrobat Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2008-2992
04 Nov 2008 — Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un... • https://www.exploit-db.com/exploits/16504 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 70%CPEs: 8EXPL: 0CVE-2008-4813 – Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4813
04 Nov 2008 — Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing. Adobe Reader y Acrobat v8.1.2 y anteriores; permiten a atacantes remotos ejecutar código de su elección a través de un PDF manipulado que (1) realiza acciones no espec... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 36%CPEs: 60EXPL: 0CVE-2008-2641 – acroread: input validation issue in a JavaScript method
https://notcve.org/view.php?id=CVE-2008-2641
25 Jun 2008 — Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." Vulnerabilidad no especificada en Adobe Reader y Acrobat 7.0.9 y anteriores, y 8.0 hasta 8.1.2, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario ... • http://isc.sans.org/diary.html?storyid=4616 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 32%CPEs: 32EXPL: 1CVE-2008-2549 – Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-2549
04 Jun 2008 — Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente la ejecución arbitraria de código a través de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf. • https://www.exploit-db.com/exploits/5687 •
CVSS: 9.3EPSS: 2%CPEs: 76EXPL: 0CVE-2008-2042
https://notcve.org/view.php?id=CVE-2008-2042
07 May 2008 — The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de ... • http://secunia.com/advisories/30840 • CWE-20: Improper Input Validation •