CVE-2009-3954 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." La implementación 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con un "vulnerabilidad de carga DLL". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37761 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://bugzilla.redhat.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3956 – acroread: script injection vulnerability (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3956
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. La configuración por defecto en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, no soporta adecuadamente la funcionalidad Enhanced Security, que tiene un impacto y vectores de ataque desconocidos relacionados con "una vulnerabilidad de inyección de secuencias de comandos". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37763 http://www.securitytracker.com/id?1023446 http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_ • CWE-16: Configuration •
CVE-2009-3955 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3955
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. Adobe Reader y Acrobat versión 9.x anterior a 9.3 y versión 8.x anterior a 8.2 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar código arbitrario por medio de un marcador JPC_MS_RGN creado en la secuencia Jp2c de un flujo de datos codificado JpxDecode, lo que desencadena una extensión de signo entero que omite una comprobación de saneamiento, lo que conduce a la corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37757 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http:// • CWE-399: Resource Management Errors •
CVE-2009-3959 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3959
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Desbordamiento de entero en la implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/archive/1/508949 http://www.securityfocus.com/bid/37756 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/ • CWE-189: Numeric Errors •
CVE-2009-2992
https://notcve.org/view.php?id=CVE-2009-2992
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Un control ActiveX no especificado en Adobe Reader y Acrobat v9.x anteriores a v9.2, v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 no validan adecuadamente la entrada, permitiendo a atacantes provocar una denegación de servicio mediante vectores no especificados. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6054 • CWE-20: Improper Input Validation •