CVE-2016-1039 – Adobe Acrobat Reader DC CBSharedReviewCloseDialog Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-1039
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CBSharedReviewCloseDialog method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions.
• http://www.securityfocus.com/bid/90517
• http://www.securitytracker.com/id/1035828
• http://www.zerodayinitiative.com/advisories/ZDI-16-290
• https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
• CWE-284: Improper Access Control
CVE-2016-1041 – Adobe Acrobat Reader DC ANAuthenticateResource Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-1041
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANAuthenticateResource method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions.
• http://www.securityfocus.com/bid/90517
• http://www.securitytracker.com/id/1035828
• http://www.zerodayinitiative.com/advisories/ZDI-16-288
• https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
• CWE-284: Improper Access Control
CVE-2016-1065 – Adobe Acrobat Pro DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1065
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of FileAttachment annotations. By setting the point attribute to a specific array, an attacker can force a dangling pointer to be reused after it has been freed.
• http://www.securityfocus.com/bid/90512
• http://www.securitytracker.com/id/1035828
• http://www.zerodayinitiative.com/advisories/ZDI-16-312
• https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
CVE-2013-1376 – acroread: multiple code execution flaws (APSB13-02)
https://notcve.org/view.php?id=CVE-2013-1376
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
• http://www.adobe.com/support/security/bulletins/apsb13-02.html
• https://access.redhat.com/security/cve/CVE-2013-1376
• https://bugzilla.redhat.com/show_bug.cgi?id=893235
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3342
https://notcve.org/view.php?id=CVE-2013-3342
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html
• http://security.gentoo.org/glsa/glsa-201308-03.xml
• http://www.adobe.com/support/security/bulletins/apsb13-15.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16063
• CWE-20: Improper Input Validation