CVSS: 7.5EPSS: 5%CPEs: 11EXPL: 0CVE-2004-0629
https://notcve.org/view.php?id=CVE-2004-0629
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string. Desbordamiento de búfer en el componente ActiveX (pdf.ocx) de Adobe Acrobat 5.0.5 y Acrobat Reader, y posiblemente otras versiones, permite a atacantes remotos ejecutar código de su elección mediante una URI de un fichero PDF con un terminador nulo (%00) seguido por una cadena larga. • http://www.adobe.com/support/techdocs/330527.html http://www.gentoo.org/security/en/glsa/glsa-200408-14.xml http://www.idefense.com/application/poi/display?id=126&type=vulnerabilities http://www.securityfocus.com/bid/10947 https://exchange.xforce.ibmcloud.com/vulnerabilities/16998 •
CVSS: 7.5EPSS: 12%CPEs: 4EXPL: 0CVE-2004-0632
https://notcve.org/view.php?id=CVE-2004-0632
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. Adobe Reader 6.0 no maneja adecuadamente caractéres nulos cuando divide la ruta de un archivo en sus componentes, lo que permite a atacantes remotos ejecutar código de su elección mediante un fichero con una extensión larga que no es normalmente manejada por Reader, disparando un desbordameinteo de búfer. • http://www.adobe.com/support/techdocs/330527.html http://www.adobe.com/support/techdocs/34222.htm http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/16667 •
CVSS: 7.5EPSS: 5%CPEs: 14EXPL: 1CVE-2003-0434 – Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2003-0434
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. Varios visores de PDF, incluidos Adobe Acrobat 5.06 y Xpdf 1.01 permiten a atacantes remotos la ejecución arbitraria de comandos mediante metacaracteres de shell en un hipervínculo embebido. • https://www.exploit-db.com/exploits/22771 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html http://marc.info/?l=bugtraq&m=105777963019186&w=2 http://secunia.com/advisories/9037 http://secunia.com/advisories/9038 http://www.kb.cert.org/vuls/id/200132 http://www.mandriva.com/security/advisories?name=MDKSA-2003:071 http://www.redhat.com/support/errata/RHSA-2003-196.html http://www.redhat.com/support/errata/RHSA-2003-197.html https://oval. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0284
https://notcve.org/view.php?id=CVE-2003-0284
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus. Adobe Acrobat 5 no valida adecuadamente JavaScript en ficheros PDF, lo cual permite a atacantes remotos, escribir ficheros arbitrarios en el directorio Plug-ins, que se propaga a otros documentos PDF, como demostró el virus W32.Yourde. • http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121 http://www.kb.cert.org/vuls/id/184820 •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2002-0030
https://notcve.org/view.php?id=CVE-2002-0030
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. El mecanismo de firma digital del visor de PDF Adobe Acrobat Reader sólo verifica la cabecera PE del código ejecutable de un plug-in, lo que puede permitir a atacantes ejecutar código arbitrario en modo certificado haciendo que parezca que el plug-in parezca firmado por Adobe. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html http://www.kb.cert.org/vuls/id/549913 http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ •