CVSS: 9.3EPSS: 97%CPEs: 64EXPL: 5CVE-2008-2992 – Adobe Reader and Acrobat Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un argumento de cadena de formato creado, un problema relacionado con el CVE-2008-1104. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. • https://www.exploit-db.com/exploits/16504 https://www.exploit-db.com/exploits/16624 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49520 http://secunia.com/advisories/29773 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 1CVE-2008-4071 – Adobe Acrobat 9 - ActiveX Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-4071
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. Un determinado control ActiveX en Adobe Acrobat 9, cuando es utilizado con Microsoft Windows Vista e Internet Explorer 7, permite a atacantes remotos provocar una denegación de servicio (caída del navegador) a través de un valor de la propiedad src con una URL acroie:// no válida. • https://www.exploit-db.com/exploits/6424 http://securityreason.com/securityalert/4257 https://exchange.xforce.ibmcloud.com/vulnerabilities/45195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 76EXPL: 0CVE-2008-2042
https://notcve.org/view.php?id=CVE-2008-2042
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de búfer a través de un fcihero PDF manipulado que invoca un app.checkForUpdate con una función de llamada mal intencionada. • http://secunia.com/advisories/30840 http://securityreason.com/securityalert/3861 http://securitytracker.com/id?1019971 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.securityfocus.com/archive/1/491735/100/0/threaded http://www.vupen.com/english/advisories/2008/1966/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 97%CPEs: 2EXPL: 2CVE-2007-5659 – Adobe Acrobat and Reader Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-5659
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Múltiples desbordamientos de búfer en Adobe Reader and Acrobat 8.1.1 y anteriores permiten a atacantes remotos ejecutar código de su elección a través de ficheros PDF con argumentos largos de métodos no especificados de JavaScript. NOTA: esta cuestión podría ser subsumida por CVE-2008-0655. Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods. • https://www.exploit-db.com/exploits/31114 https://www.exploit-db.com/exploits/16674 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/advisories/apsa08-01.html http://www.adobe.com/support/se • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5666 – acroread JavaScript Insecure Libary Search Path
https://notcve.org/view.php?id=CVE-2007-5666
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.1 y anteriores permite a usuarios locales ejecutar código de su elección a través de una librería maliciosa del proveedor de Seguridad en el directorio de trabajo actual de los lectores. NOTA: este asunto podría estar subsumido por CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/advisories/apsa08-01.html http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.redhat.com/support/errata/RHSA-2008-0144.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •