CVE-2015-3047
https://notcve.org/view.php?id=CVE-2015-3047
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes causar una denegación de servicio (referencia a puntero nulo) a través de vectores no especificados. • http://www.securityfocus.com/bid/74601 http://www.securitytracker.com/id/1032284 https://helpx.adobe.com/security/products/reader/apsb15-10.html •
CVE-2015-3066 – Adobe Acrobat Reader SharedReviewDocCenterInitiator onError Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3066
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SharedReviewDocCenterInitiator onError event. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-200 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVE-2015-3067 – Adobe Acrobat Reader DynamicAnnotStore enumerate Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3067
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074 This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DynamicAnnotStore enumerate method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-201 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVE-2015-3056 – Adobe Acrobat Reader Line Annotations Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3056
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3057, CVE-2015-3070, y CVE-2015-3076. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Line Annotations. A specially crafted Line Annotation can force Adobe Acrobat Reader to read memory past the end of an allocated object. • http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-209 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3057 – Adobe Acrobat Reader Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3057
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3070, and CVE-2015-3076. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3070, y CVE-2015-3076. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue lies in the failure to properly initialize a variable prior to using it, leading to memory corruption. • http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-210 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •