CVSS: 9.3EPSS: 12%CPEs: 70EXPL: 0CVE-2009-1062 – acroread: multiple JBIG2-related security flaws
https://notcve.org/view.php?id=CVE-2009-1062
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4 y versión 7 anterior a 7.1.1 podría permitir a los atacantes remotos desencadenar una corrupción de memoria y posiblemente ejecutar código arbitrario por medio de vectores de ataque desconocidos relacionados con JBIG2, una vulnerabilidad diferente a las CVE-2009-0193 y CVE-2009-1061. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://w • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2009-0836
https://notcve.org/view.php?id=CVE-2009-0836
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. Foxit Reader v2.3 anterior a Build 3902 y v3.0 anterior a Build 1506, incluidas la 1120 y 1301, no requiere la confirmación del usuario antes de realizar acciones peligrosas en un fichero PDF, lo que permite a atacantes remotos ejecutar programas de manera arbitraria y pudiendo producir un impacto sin especificar a través de un fichero manipulado, como se ha demostrado en la acción "Abrir/Ejecutar fichero". • http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html http://lists.immunitysec.com/pipermail/dailydave/2010-April/006079.html http://secunia.com/advisories/34036 http://www.coresecurity.com/content/foxit-reader-vulnerabilities http://www.foxitsoftware.com/pdf/reader/security.htm#bypass http://www.securityfocus.com/archive/1/501623/100/0/threaded http://www.securityfocus.com/bid/34035 http://www.securitytracker.com/id?1021824 http://www.vupen.com/english/advisories/2009&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 2CVE-2008-1942
https://notcve.org/view.php?id=CVE-2008-1942
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186. El Foxit Reader 2.2 permite a los atacantes remotos causar una denegación de servicio (caida) y posiblemente la ejecución de código arbitrario mediante un fichero PDF con (1) un recurso ExtGState mal construido conteniendo un recurso /Font o (2) un recurso XObject con configuración Rotate, con iniciadores de corrupción de memoria. NOTA: esta es, probablemente, una vulnerabilidad distinta a CVE-2007-2186 • http://secunia.com/advisories/29934 http://www.securityfocus.com/bid/28890 http://www.vallejo.cc/proyectos/foxitreader1.htm http://www.vallejo.cc/proyectos/foxitreader2.htm http://www.vupen.com/english/advisories/2008/1327/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41972 https://exchange.xforce.ibmcloud.com/vulnerabilities/41973 • CWE-20: Improper Input Validation •