CVSS: 9.3EPSS: 32%CPEs: 83EXPL: 0CVE-2009-0889 – acroread: multiple security fixes in version 8.1.6 (APSB09-07)
https://notcve.org/view.php?id=CVE-2009-0889
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888. Desbordamiento de búfer basado en memoria dinámica (heap) en el filtro JBIG2 en adobe acrobat 7 reader 7 anterior a v7.1.3, Adobe Reader 8 y Acrobat 8 anterior a v8.1.6, y Adobe Reader 9 y Acrobat 9 anterior v9.1.2, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, y CVE-2009-0888. • http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http://www.redhat.com/support/errata/RHSA-2009-1109.html http://www.securityfocus.com/bid/35274 http://www.us-cert.gov/cas/techalerts/TA09-161A.html http://www.vupen.com/english/advisories/2009/1547 https://ac • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 83EXPL: 0CVE-2009-1858 – acroread: multiple security fixes in version 8.1.6 (APSB09-07)
https://notcve.org/view.php?id=CVE-2009-1858
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. El filtro JBIG2 en Adobe Reader v7 y Acrobat v7 anterior a v7.1.3, Adobe Reader v8 y Acrobat 8 anterior a v8.1.6, y Adobe Reader v9 y Acrobat 9 anterior a v9.1.2, permitiría a atacantes remotos ejecutar código arbitrario a través de vectores inespecíficos que inician la corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 19%CPEs: 83EXPL: 0CVE-2009-1861 – acroread: multiple security fixes in version 8.1.6 (APSB09-07)
https://notcve.org/view.php?id=CVE-2009-1861
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. Múltiples desbordamientos de búfer basados en memoria dinámica en Adobe Reader v7 y Acrobat v7 anteriores a v7.1.3, Adobe Reader v8 y Acrobat v8 anteriores a v8.1.6, y Adobe Reader v9 y Acrobat v9 anteriores a v9.1.2, podría permitir a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero PDF con un stream JPX (también conocido como JPEG2000) que inicia la corrupción de la memoria dinámica. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 55%CPEs: 83EXPL: 0CVE-2009-1855 – Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1855
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. Un desbordamiento de búfer en la región stack de la memoria en Reader versión 7 y Acrobat versiones 7 anteriores a 7.1.3 de Adobe, Reader versión 8 y Acrobat versiones 8 anteriores a 8.1.6 y Reader versión 9 y Acrobat versiones 9 anteriores a 9.1.2 de Adobe, podría permitir a los atacantes ejecutar código arbitrario por medio de un archivo PDF que contiene un archivo de modelo U3D malformado con un bloque de extensión diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists when parsing malformed U3D model files contained in a PDF. When a specially crafted extension block of a model is processed, insufficient bounds checking is done before a call to wcsncpy(). • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1599
https://notcve.org/view.php?id=CVE-2009-1599
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." Opera ejecuta llamadas a DOM en respuesta a un "javascript: URI" en el atributo target de un elemento submit en un formulario contenido en un fichero PDF, lo que podría permitir a atacantes remotos eludir las restricciones JavaScript al acceder al objeto de documento, como lo demuestran un sitio web que permite subir archivos PDF por usuarios no confiables, y por lo tanto disponer de un document.domain compartido entre el sitio web y este "javascript: URI". NOTA: El investigador informa de que la posición de Adobe es "un archivo PDF es contenido activo". • http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf http://www.securityfocus.com/archive/1/503183/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •