CVE-2015-3058 – Adobe Acrobat Pro Spell customDictionaryExport Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3058
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. This vulnerability allows remote attackers to leak memory addresses from Spell.api on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Spell object. By creating and exporting a custom dictionary, it is possible to leak memory addresses from Spell.api. • http://www.securityfocus.com/bid/74618 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-211 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3064 – Adobe Acrobat Reader DynamicAnnotStore compete Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3064
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes evadir las restricciones en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DynamicAnnotStore compete method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-204 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVE-2015-3061 – Adobe Acrobat Reader ANMatchString Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3061
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANMatchString method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-206 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVE-2014-9161 – Adobe Reader X / XI Out Of Bounds Read
https://notcve.org/view.php?id=CVE-2014-9161
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. CoolType.dll en Adobe Reader y Acrobat 10.x anterior a 10.1.13 y 11.x anterior a 11.0.10 en Windows, y 10.x hasta 10.1.13 y 11.x hasta 11.0.10 en OS X, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado. Adobe Reader X and XI for Windows suffer from an out-of-bounds read in CoolType.dll. • http://code.google.com/p/google-security-research/issues/detail?id=149 http://packetstormsecurity.com/files/134394/Adobe-Reader-X-XI-Out-Of-Bounds-Read.html http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0566
https://notcve.org/view.php?id=CVE-2014-0566
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565. Adobe Reader y Acrobat 10.x anterior a 10.1.12 y 11.x anterior a 11.0.09 en Windows y OS X apermiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0565. • http://helpx.adobe.com/security/products/reader/apsb14-20.html http://www.securityfocus.com/bid/69825 http://www.securitytracker.com/id/1030853 http://www.securitytracker.com/id/1032892 https://exchange.xforce.ibmcloud.com/vulnerabilities/96003 https://helpx.adobe.com/security/products/reader/apsb15-15.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •