CVSS: 10.0EPSS: 2%CPEs: 102EXPL: 0CVE-2009-3954 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." La implementación 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con un "vulnerabilidad de carga DLL". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37761 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://bugzilla.redhat.com&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 58%CPEs: 102EXPL: 0CVE-2009-3959 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3959
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Desbordamiento de entero en la implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/archive/1/508949 http://www.securityfocus.com/bid/37756 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/ • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 1%CPEs: 102EXPL: 0CVE-2009-3957
https://notcve.org/view.php?id=CVE-2009-3957
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes provocar una denegación de servicio (deferencia a puntero NULL) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.securityfocus.com/bid/37760 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://exchange.xforce.ibmcloud.com/vulnerabilities/55555 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7975 •
CVSS: 10.0EPSS: 89%CPEs: 102EXPL: 1CVE-2009-3958 – Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
https://notcve.org/view.php?id=CVE-2009-3958
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. Desbordamiento de búfer en el Download Manager en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/11172 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.kb.cert.org/vuls/id/773545 http://www.securityfocus.com/bid/37759 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://exchange.xforce.ibmcloud.com/vulnerabilities/55556 https://oval.ci • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 96%CPEs: 10EXPL: 1CVE-2009-3953 – Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3953
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. La implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con una "cuestión de limitación en el array". Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. • https://www.exploit-db.com/exploits/16622 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://osvdb.org/61690 http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37758 http://www.securitytracker.com/i • CWE-787: Out-of-bounds Write •