CVSS: 10.0EPSS: 34%CPEs: 60EXPL: 0CVE-2008-2641 – acroread: input validation issue in a JavaScript method
https://notcve.org/view.php?id=CVE-2008-2641
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." Vulnerabilidad no especificada en Adobe Reader y Acrobat 7.0.9 y anteriores, y 8.0 hasta 8.1.2, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores no conocidos, relacionados con un "problema de validación de entrada en un método JavaScript." • http://isc.sans.org/diary.html?storyid=4616 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/30832 http://secunia.com/advisories/31136 http://secunia.com/advisories/31339 http://secunia.com/advisories/31352 http://secunia.com/advisories/31428 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1 http://www.adobe.com/support/security/bulletins/apsb08-15.html http://www.gentoo.org/security/en/glsa/glsa-200808&# • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 29%CPEs: 32EXPL: 1CVE-2008-2549 – Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-2549
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente la ejecución arbitraria de código a través de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf. • https://www.exploit-db.com/exploits/5687 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www. •
CVSS: 9.3EPSS: 2%CPEs: 76EXPL: 0CVE-2008-2042
https://notcve.org/view.php?id=CVE-2008-2042
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de búfer a través de un fcihero PDF manipulado que invoca un app.checkForUpdate con una función de llamada mal intencionada. • http://secunia.com/advisories/30840 http://securityreason.com/securityalert/3861 http://securitytracker.com/id?1019971 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.securityfocus.com/archive/1/491735/100/0/threaded http://www.vupen.com/english/advisories/2008/1966/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 5%CPEs: 26EXPL: 3CVE-2007-1199 – Adobe Acrobat/Adobe Reader 7.0.9 - Information Disclosure
https://notcve.org/view.php?id=CVE-2007-1199
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. Adobe Reader y Acrobat Trial permite a atacantes remotos leer archivos de su elección a través de una file:// URI en un documento PDF, como se demostró con <</URI(file:///C:/)/S/URI>>, un asunto diferente que CVE-2007-0045. • https://www.exploit-db.com/exploits/29686 http://osvdb.org/33897 http://secunia.com/advisories/24408 http://secunia.com/advisories/29205 http://security.gentoo.org/glsa/glsa-200803-01.xml http://www.gnucitizen.org/projects/pdf-strikes-back http://www.securityfocus.com/bid/22753 https://exchange.xforce.ibmcloud.com/vulnerabilities/32815 •
CVSS: 4.3EPSS: 92%CPEs: 36EXPL: 2CVE-2007-0044 – Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar una petición no autorizada a otros sitios web a través de una mediante una URL en los parámetros de petición (1) FDF, (2) xml y (3) xfdf AJAX, seguidos del carácter # (almohadilla), también conocido como "Universal CSRF and session riding". • https://www.exploit-db.com/exploits/29383 http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://secunia.com/advisories/23812 http://secunia.com/advisories/23882 http://secunia.com/advisories/29065 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securityreason.com/securityalert/2090 http://securitytracker.com/id?1017469 http://www.redhat.com/support/errata/RHSA-2008- • CWE-352: Cross-Site Request Forgery (CSRF) •