Page 110 of 550 results (0.015 seconds)

CVSS: 9.3EPSS: 55%CPEs: 83EXPL: 0

Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. Un desbordamiento de búfer en la región stack de la memoria en Reader versión 7 y Acrobat versiones 7 anteriores a 7.1.3 de Adobe, Reader versión 8 y Acrobat versiones 8 anteriores a 8.1.6 y Reader versión 9 y Acrobat versiones 9 anteriores a 9.1.2 de Adobe, podría permitir a los atacantes ejecutar código arbitrario por medio de un archivo PDF que contiene un archivo de modelo U3D malformado con un bloque de extensión diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists when parsing malformed U3D model files contained in a PDF. When a specially crafted extension block of a model is processed, insufficient bounds checking is done before a call to wcsncpy(). • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 96%CPEs: 6EXPL: 3

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. El método getAnnots Doc en la API de JavaScript en Adobe Reader y Acrobat v9.1, v8.1.4, v7.1.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o ejecutar código arbitrario a través de un archivo PDF que contiene una anotación, y tiene una entrada OpenAction con el código JavaScript que llama a este método con argumentos enteros elaborados. • https://www.exploit-db.com/exploits/8569 http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://osvdb.org/54130 http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt& • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 12%CPEs: 70EXPL: 0

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4 y versión 7 anterior a 7.1.1 podría permitir a los atacantes remotos desencadenar una corrupción de memoria y posiblemente ejecutar código arbitrario por medio de vectores de ataque desconocidos relacionados con JBIG2, una vulnerabilidad diferente a las CVE-2009-0193 y CVE-2009-1061. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://w • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 56%CPEs: 99EXPL: 0

Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table. Desbordamiento de búfer basado en montículo en Adobe Acrobat Reader y Acrobat Professional v7.1.0, v8.1.3, v9.0.0 y otras versiones, permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF que contiene una cadena JBIG2 con un tamaño inconsistente relacionado con una tabla sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 97%CPEs: 6EXPL: 4

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. Un desbordamiento del búfer en Adobe Reader versión 9.0 y anteriores, y Acrobat versión 9.0 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un documento PDF creado, relacionado con una llamada a una función que no sea JavaScript y posiblemente una secuencia de imágenes del componente JBIG2 incrustada, tal como se explotó “in the wild” en febrero de 2009 por Trojan.Pidief.E. • https://www.exploit-db.com/exploits/8099 https://www.exploit-db.com/exploits/16593 https://www.exploit-db.com/exploits/16672 http://isc.sans.org/diary.html?n&storyid=5902 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://osvdb.org/52073 http://secunia.com/advisories/33901 http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •