Page 111 of 558 results (0.008 seconds)

CVSS: 9.3EPSS: 97%CPEs: 64EXPL: 5

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un argumento de cadena de formato creado, un problema relacionado con el CVE-2008-1104. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. • https://www.exploit-db.com/exploits/16504 https://www.exploit-db.com/exploits/16624 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49520 http://secunia.com/advisories/29773 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 34%CPEs: 60EXPL: 0

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." Vulnerabilidad no especificada en Adobe Reader y Acrobat 7.0.9 y anteriores, y 8.0 hasta 8.1.2, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores no conocidos, relacionados con un "problema de validación de entrada en un método JavaScript." • http://isc.sans.org/diary.html?storyid=4616 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/30832 http://secunia.com/advisories/31136 http://secunia.com/advisories/31339 http://secunia.com/advisories/31352 http://secunia.com/advisories/31428 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1 http://www.adobe.com/support/security/bulletins/apsb08-15.html http://www.gentoo.org/security/en/glsa/glsa-200808&# • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 29%CPEs: 32EXPL: 1

Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente la ejecución arbitraria de código a través de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf. • https://www.exploit-db.com/exploits/5687 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www. •

CVSS: 9.3EPSS: 2%CPEs: 76EXPL: 0

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de búfer a través de un fcihero PDF manipulado que invoca un app.checkForUpdate con una función de llamada mal intencionada. • http://secunia.com/advisories/30840 http://securityreason.com/securityalert/3861 http://securitytracker.com/id?1019971 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.securityfocus.com/archive/1/491735/100/0/threaded http://www.vupen.com/english/advisories/2008/1966/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 92%CPEs: 36EXPL: 2

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar una petición no autorizada a otros sitios web a través de una mediante una URL en los parámetros de petición (1) FDF, (2) xml y (3) xfdf AJAX, seguidos del carácter # (almohadilla), también conocido como "Universal CSRF and session riding". • https://www.exploit-db.com/exploits/29383 http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://secunia.com/advisories/23812 http://secunia.com/advisories/23882 http://secunia.com/advisories/29065 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securityreason.com/securityalert/2090 http://securitytracker.com/id?1017469 http://www.redhat.com/support/errata/RHSA-2008- • CWE-352: Cross-Site Request Forgery (CSRF) •