CVE-2009-2983 – Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2983
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Adobe Reader y Acrobat v9.x anteriores a v9.2, v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) o probablemente ejecutar código de su elección mediante vectores no especificados. Various reproduction code that demonstrates memory corruption when loading/unloading Adobe objects through an EMBED tag in Firefox. • https://www.exploit-db.com/exploits/33283 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5636 https://access.redhat.com/security/cve/CVE-2009-2983 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-399: Resource Management Errors •
CVE-2009-2996 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2996
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7, y v9.x anteriores a v9.2 permite a atacantes provocar una denegación de servicio (consumo de memoria) o posiblemente ejecutar código de su elección mediante vectores no especificados, siendo una vulnerabilidad diferente que CVE-2009-2985. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5560 https://access.redhat.com/security/cve/CVE-2009-2996 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-399: Resource Management Errors •
CVE-2009-2987
https://notcve.org/view.php?id=CVE-2009-2987
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en un control ActiveX en Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 para Windows permite a atacantes remotos provocar una denegación de servicio mediante vectores desconocidos. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6274 •
CVE-2009-2991 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2991
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el plug-in para Mozilla en Adobe Reader y Acrobat v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 y v9.x anteriores a v9.2, podría permitir a atacantes remotos ejecutar código de su elección mediante vectores desconocidos. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5557 https://access.redhat.com/security/cve/CVE-2009-2991 https://bugzilla.redhat.com/show_bug.cgi?id=528659 •
CVE-2009-2990 – Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow
https://notcve.org/view.php?id=CVE-2009-2990
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Error de indice en vector en Adobe Reader y Acrobat v9.x anteriores a v9.2, v8.x anteriores a v8.1.7 y posiblemente en v7.x anteriores a v7.1.4 podría permitir a atacantes ejecutar código de su elección mediante vectores no especificados. When a U3D CLODProgressiveMeshContinuation (blocktype: 0xFFFFFF3C) is parsed by Adobe Acrobat Reader U3D plugin the split position index is read from the input without any validation. That index is then used for getting an object out of the limits of the array, object from which a function pointer is dereferenced and called. Adobe Acrobat Reader version 8.1.6 and below and 9.1.3 and below are affected. • https://www.exploit-db.com/exploits/9990 https://www.exploit-db.com/exploits/16309 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6371 https://access.redhat.com/security/cve/CVE-2009-2990 https: • CWE-189: Numeric Errors •