CVSS: 9.3EPSS: 97%CPEs: 64EXPL: 5CVE-2008-2992 – Adobe Reader and Acrobat Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un argumento de cadena de formato creado, un problema relacionado con el CVE-2008-1104. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. • https://www.exploit-db.com/exploits/16504 https://www.exploit-db.com/exploits/16624 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49520 http://secunia.com/advisories/29773 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 76EXPL: 0CVE-2008-2042
https://notcve.org/view.php?id=CVE-2008-2042
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de búfer a través de un fcihero PDF manipulado que invoca un app.checkForUpdate con una función de llamada mal intencionada. • http://secunia.com/advisories/30840 http://securityreason.com/securityalert/3861 http://securitytracker.com/id?1019971 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.securityfocus.com/archive/1/491735/100/0/threaded http://www.vupen.com/english/advisories/2008/1966/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 48%CPEs: 54EXPL: 0CVE-2006-5857
https://notcve.org/view.php?id=CVE-2006-5857
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://osvdb.org/31316 http://secunia.com/advisories/23666 http://secunia.com/advisories/23691 http://secunia.com/advisories/23812 http://secunia.com/advisories/23877 http://secunia.com/advisories/23882 http://secunia.com/advisories/24533 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securitytracker.com/id?1017491 http:/ • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 28EXPL: 0CVE-2006-3452
https://notcve.org/view.php?id=CVE-2006-3452
Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. Adobe Reader y Acrobat 6.0.4 y anteriores en Mac OSX, tiene un archivo y permisos de directorio inseguros, lo que permite a usuarios locales obtener privilegios sobrescribiendo archivos de programa. • http://secunia.com/advisories/21016 http://securitytracker.com/id?1016473 http://www.adobe.com/support/security/bulletins/apsb06-08.html http://www.osvdb.org/27157 http://www.securityfocus.com/bid/18945 http://www.vupen.com/english/advisories/2006/2758 https://exchange.xforce.ibmcloud.com/vulnerabilities/27678 •
CVSS: 6.8EPSS: 1%CPEs: 22EXPL: 0CVE-2006-3093
https://notcve.org/view.php?id=CVE-2006-3093
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. Múltiples vulnerabilidades no especificadas en Adobe Acrobat Reader (acroread) anterior a v7.0.8 tienen un impacto desconocido y vectores desconocidos. • http://secunia.com/advisories/20576 http://secunia.com/advisories/20925 http://secunia.com/advisories/20960 http://securitytracker.com/id?1016314 http://www.adobe.com/support/techdocs/327817.html http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.novell.com/linux/security/advisories/2006_41_acroread.html http://www.osvdb.org/26535 http://www.osvdb.org/26536 http://www.securityfocus.com/bid/18445 https://exchange.xforce.ibmcloud.com/vulnerabilities/31 •