Page 168 of 856 results (0.018 seconds)

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2007-5666 – acroread JavaScript Insecure Libary Search Path

https://notcve.org/view.php?id=CVE-2007-5666

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.1 y anteriores permite a usuarios locales ejecutar código de su elección a través de una librería maliciosa del proveedor de Seguridad en el directorio de trabajo actual de los lectores. NOTA: este asunto podría estar subsumido por CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/advisories/apsa08-01.html http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.redhat.com/support/errata/RHSA-2008-0144.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 36%CPEs: 2EXPL: 0

CVE-2007-5663 – acroread JavaScript Insecure Method Exposure

https://notcve.org/view.php?id=CVE-2007-5663

Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Reader y Acrobat 8.1.1 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF manipulado que llama a un método JavaScript inseguro en el complemento EScript.api. NOTA: este problema podría estar incluido en CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/advisories/apsa08-01.html http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.kb.cert.org/vuls/id/140129 http://www • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 17%CPEs: 2EXPL: 0

CVE-2008-0726 – Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-0726

Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Desbordamiento de tipo integer en Adobe Reader y Acrobat 8.1.1 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados a los printSepsWithParams, lo que dispara corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists in the parsing of embedded JavaScript code within PDF documents. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html http://secunia.com/advisories/28983 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.adobe.com/support/security/advisories/apsa08-01.html http://www.adobe.com/support/security/bulletins/apsb08-13.html http://www.redhat& • CWE-189: Numeric Errors •

CVSS: 9.8EPSS: 36%CPEs: 2EXPL: 1

CVE-2008-0655 – Adobe Acrobat and Reader Unspecified Vulnerability

https://notcve.org/view.php?id=CVE-2008-0655

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en Adobe Reader y Acrobat anterior a la versión 8.1.2 tienen vectores de impacto y ataque desconocidos. Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. • http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html http://secunia.com/advisories/28802 http://secunia.com/advisories/28851 http://secunia.com/advisories/28983 http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://security.gentoo.org/glsa/glsa-200803&# •

CVSS: 9.3EPSS: 27%CPEs: 2EXPL: 0

CVE-2007-5020

https://notcve.org/view.php?id=CVE-2007-5020

Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. Una vulnerabilidad no especificada en Adobe Acrobat y Reader versión 8.1 en Windows, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, relacionado con la opción mailto: e Internet Explorer versión 7 en Windows XP. NOTA: esta información se basa en un asesoramiento previo vago por parte de un investigador confiable. • http://www.adobe.com/support/security/advisories/apsa07-04.html http://www.gnucitizen.org/blog/0day-pdf-pwns-windows http://www.securityfocus.com/archive/1/480080/100/0/threaded http://www.securityfocus.com/bid/25748 http://www.securitytracker.com/id?1018723 http://www.us-cert.gov/cas/techalerts/TA07-297B.html http://www.vupen.com/english/advisories/2007/3392 https://exchange.xforce.ibmcloud.com/vulnerabilities/36722 • CWE-94: Improper Control of Generation of Code ('Code Injection') •