CVSS: 10.0EPSS: 15%CPEs: 46EXPL: 0CVE-2014-0527 – Adobe Reader AcroPDF messageHandler Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0527
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Reader y Acrobat 10.x anterior a 10.1.10 y 11.x anterior a 11.0.07 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AcroPDF ActiveX control. The issue lies in the messageHandler property of the control. • http://helpx.adobe.com/security/products/reader/apsb14-15.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0495
https://notcve.org/view.php?id=CVE-2014-0495
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493. Adobe reader y Acrobat 10.x anteriores a 10.1.9 y 11.x anteriores a 11.0.06 en Windows y Mac OS X permite a atacantes ejecutar código de forma arbitraria o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a VE-2014-0493. • http://helpx.adobe.com/security/products/acrobat/apsb14-01.html http://www.securitytracker.com/id/1029604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0493
https://notcve.org/view.php?id=CVE-2014-0493
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495. Adobe Reader y Acrobat 10.x anteriores a 10.1.9 y 11.x anteriores a 11.0.06 en Windows y Mac OS X permite a atacantes ejecutar código de forma arbitraria o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0495. • http://helpx.adobe.com/security/products/acrobat/apsb14-01.html http://www.securitytracker.com/id/1029604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2014-0496 – Adobe Reader and Acrobat Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2014-0496
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso despues de liberación en Adobe Reader y Acrobat 10.x anteriores a 10.1.9 y 11.x anteriores a 11.0.06 en Windows y mac OS X permite a los atacantes ejecutar código de forma arbitraria a través de vectores no especificados. Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. • http://helpx.adobe.com/security/products/acrobat/apsb14-01.html http://www.securitytracker.com/id/1029604 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-5325
https://notcve.org/view.php?id=CVE-2013-5325
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document. Adobe Reader y Acrobat 11.x anterior a la versión 11.0.05 en Windows permite a atacantes remotos ejecutar código JavaScript arbitrario en una URL tipo javascript: a través de un documento PDF diseñado. • http://www.adobe.com/support/security/bulletins/apsb13-25.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19053 • CWE-94: Improper Control of Generation of Code ('Code Injection') •