CVSS: 10.0EPSS: 15%CPEs: 46EXPL: 0CVE-2014-0527 – Adobe Reader AcroPDF messageHandler Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0527
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Reader y Acrobat 10.x anterior a 10.1.10 y 11.x anterior a 11.0.07 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AcroPDF ActiveX control. The issue lies in the messageHandler property of the control. • http://helpx.adobe.com/security/products/reader/apsb14-15.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0512 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0512
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Adobe Reader 11.0.06 permite a atacantes evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file writes. The issue lies in the failure to properly validate user-supplied paths. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 87%CPEs: 1EXPL: 0CVE-2014-0511 – Adobe Reader PDF417 Barcode Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0511
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Adobe Reader 11.0.06 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF417 barcodes. The issue lies in the failure to properly sanitize a user-supplied value. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •