CVSS: 10.0EPSS: 68%CPEs: 102EXPL: 0CVE-2009-3959 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3959
13 Jan 2010 — Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Desbordamiento de entero en la implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 102EXPL: 0CVE-2009-3956 – acroread: script injection vulnerability (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3956
13 Jan 2010 — The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. La configuración por defecto en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac O... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-16: Configuration •
CVSS: 10.0EPSS: 88%CPEs: 102EXPL: 1CVE-2009-3958 – Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
https://notcve.org/view.php?id=CVE-2009-3958
13 Jan 2010 — Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. Desbordamiento de búfer en el Download Manager en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar có... • https://www.exploit-db.com/exploits/11172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 102EXPL: 0CVE-2009-3954 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3954
13 Jan 2010 — The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." La implementación 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con un "vulnerabilidad de carga DLL". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 4CVE-2009-4324 – Adobe Acrobat and Reader Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-4324
15 Dec 2009 — Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. La vulnerabilidad de uso de la memoria previamente liberada (Use-after-free) en la función Doc.media.newPlayer en el archivo Multimedia.api en Adobe Reader y Acrobat versión 9.x anterior a 9.3, y ... • https://www.exploit-db.com/exploits/16503 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2009-2988 – acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2988
19 Oct 2009 — Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no valida adecuadamente la entrad, permitiendo a atacantes provocar una denegación de servicio mediante vectores no especificados. • http://securitytracker.com/id?1023007 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 13%CPEs: 50EXPL: 0CVE-2009-2991 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2991
19 Oct 2009 — Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el plug-in para Mozilla en Adobe Reader y Acrobat v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 y v9.x anteriores a v9.2, podría permitir a atacantes remotos ejecutar código de su elección mediante vectores desconocidos. • http://securitytracker.com/id?1023007 •
CVSS: 9.8EPSS: 93%CPEs: 50EXPL: 1CVE-2009-2983 – Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2983
19 Oct 2009 — Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Adobe Reader y Acrobat v9.x anteriores a v9.2, v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) o probablemente ejecutar código de su elección mediante vectores no especificados. • https://www.exploit-db.com/exploits/33283 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 50EXPL: 0CVE-2009-2982
https://notcve.org/view.php?id=CVE-2009-2982
19 Oct 2009 — An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Un certificado sin especificar en Adobe Reader y Acrobat v9.x anteriores a la v9.2, v8.x anteriores a la v8.1.7 y posiblemente v7.x hasta la v7.1.4 puede permitir a atacantes remotos llevar a cabo un "ataque por ingeniería social" a través de vectores de ataque desconocidos. • http://securitytracker.com/id?1023007 • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 61%CPEs: 50EXPL: 0CVE-2009-3458 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-3458
19 Oct 2009 — Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no validan los datos de entrada apropiadamente, lo que puede permitir a los atacantes ejecutar código de su elección a través de vectores de ataque sin especificar. Es una vuln... • http://securitytracker.com/id?1023007 • CWE-20: Improper Input Validation •