CVE-2009-3955 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3955
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. Adobe Reader y Acrobat versión 9.x anterior a 9.3 y versión 8.x anterior a 8.2 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar código arbitrario por medio de un marcador JPC_MS_RGN creado en la secuencia Jp2c de un flujo de datos codificado JpxDecode, lo que desencadena una extensión de signo entero que omite una comprobación de saneamiento, lo que conduce a la corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37757 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http:// • CWE-399: Resource Management Errors •
CVE-2009-3959 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3959
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Desbordamiento de entero en la implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/archive/1/508949 http://www.securityfocus.com/bid/37756 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/ • CWE-189: Numeric Errors •
CVE-2009-2992
https://notcve.org/view.php?id=CVE-2009-2992
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Un control ActiveX no especificado en Adobe Reader y Acrobat v9.x anteriores a v9.2, v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 no validan adecuadamente la entrada, permitiendo a atacantes provocar una denegación de servicio mediante vectores no especificados. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6054 • CWE-20: Improper Input Validation •
CVE-2009-2994 – Adobe Acrobat Reader 7 < 9 - U3D Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-2994
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 permite a atacantes ejecutar código de su elección a través de vectores de ataque sin especificar. • https://www.exploit-db.com/exploits/9865 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6156 https://access.redhat.com/security/cve/CVE-2009-2994 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-2982
https://notcve.org/view.php?id=CVE-2009-2982
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Un certificado sin especificar en Adobe Reader y Acrobat v9.x anteriores a la v9.2, v8.x anteriores a la v8.1.7 y posiblemente v7.x hasta la v7.1.4 puede permitir a atacantes remotos llevar a cabo un "ataque por ingeniería social" a través de vectores de ataque desconocidos. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6365 • CWE-310: Cryptographic Issues •