CVE-2011-2442 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2442
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
• http://www.adobe.com/support/security/bulletins/apsb11-24.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14042
• https://access.redhat.com/security/cve/CVE-2011-2442
• https://bugzilla.redhat.com/show_bug.cgi?id=749381
• CWE-20: Improper Input Validation
CVE-2011-2437 – Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2437
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse a .PCX image it creates a 32-bit loop counter based on the height and width of the image.
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
• http://www.adobe.com/support/security/bulletins/apsb11-24.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13984
• https://access.redhat.com/security/cve/CVE-2011-2437
• https://bugzilla.redhat.com/show_bug.cgi?id=749381
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1353
https://notcve.org/view.php?id=CVE-2011-1353
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
• http://www.adobe.com/support/security/bulletins/apsb11-24.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14177
CVE-2011-2440 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2440
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
• http://www.adobe.com/support/security/bulletins/apsb11-24.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14149
• https://access.redhat.com/security/cve/CVE-2011-2440
• https://bugzilla.redhat.com/show_bug.cgi?id=749381
• CWE-399: Resource Management Errors
CVE-2008-0883 – acroread: insecure handling of temporary files
https://notcve.org/view.php?id=CVE-2008-0883
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
• http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
• http://secunia.com/advisories/29229
• http://secunia.com/advisories/29242
• http://secunia.com/advisories/29425
• http://secunia.com/advisories/31136
• http://secunia.com/advisories/31352
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
• http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html
• http://www.adobe.com/support/security/advisories/apsa08-02.html
• http://www.gentoo.org/security
• CWE-59: Improper Link Resolution Before File Access ('Link Following')