CVSS: 10.0EPSS: 43%CPEs: 28EXPL: 0CVE-2010-1278 – Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. Desbordamiento de búfer en el control ActiveX Atlcom.get_atlcom de gp.ocx de Adobe Download Manager, como el que se utiliza en Adobe Reader y Acrobat v8.x anterior a 8.2 y v9.x anterior a 9.3, permite a atacantes remotos ejecutar código de su elección mediante parámetros no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the gp.ocx ActiveX control. This control has a CLSID of {E2883E8F-472F-4fb0-9522-AC9BF37916A7} and the ProgID Atlcom.get_atlcom. • http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.securityfocus.com/archive/1/510868/100/0/threaded http://www.securitytracker.com/id?1023908 http://www.zerodayinitiative.com/advisories/ZDI-10-077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 78EXPL: 2CVE-2009-3459 – Adobe - FlateDecode Stream Predictor 02 Integer Overflow
https://notcve.org/view.php?id=CVE-2009-3459
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. Un Desbordamiento de búfer en la región heap de la memoria en Adobe Reader y Acrobat versión 7.x anterior a versión 7.1.4, versión 8.x anterior a 8.1.7, y versión 9.x anterior a 9.2, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado que desencadena la corrupción de memoria, tal y como fue explotado "in the wild" en octubre de 2009. NOTA: algunos de estos detalles se obtienen de información de terceros. • https://www.exploit-db.com/exploits/16546 https://www.exploit-db.com/exploits/16652 http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html http://isc.sans.org/diary.html?storyid=7300 http://secunia.com/advisories/36983 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.iss.net/threats/348.html http://www.securityfocus.com/bid/36600 http://www.us-cert.gov/cas/techalerts/TA09-286B.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 90%CPEs: 3EXPL: 3CVE-2009-1493 – Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution
https://notcve.org/view.php?id=CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. El método spell customDictionaryOpen en la API de JavaScript en Adobe Reader v8.1.4 y v9.1 de Linux permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o ejecutar código arbitrario a través de un archivo PDF que activa una llamada a este método con una larga cadena de en el segundo argumento. • https://www.exploit-db.com/exploits/8570 http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://osvdb.org/54129 http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt http://secunia.com/advisories/34924 http://secunia.com/advisories/35055&# • CWE-399: Resource Management Errors •