Page 35 of 222 results (0.008 seconds)

CVSS: 9.3EPSS: 97%CPEs: 78EXPL: 2

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. Un Desbordamiento de búfer en la región heap de la memoria en Adobe Reader y Acrobat versión 7.x anterior a versión 7.1.4, versión 8.x anterior a 8.1.7, y versión 9.x anterior a 9.2, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado que desencadena la corrupción de memoria, tal y como fue explotado "in the wild" en octubre de 2009. NOTA: algunos de estos detalles se obtienen de información de terceros. • https://www.exploit-db.com/exploits/16546 https://www.exploit-db.com/exploits/16652 http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html http://isc.sans.org/diary.html?storyid=7300 http://secunia.com/advisories/36983 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.iss.net/threats/348.html http://www.securityfocus.com/bid/36600 http://www.us-cert.gov/cas/techalerts/TA09-286B.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 5%CPEs: 50EXPL: 0

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 permite a atacantes provocar una denegación de servicio (consumo de memoria) o probablemente ejecutar código de su elección mediante vectores no especificados, siendo una vulnerabilidad diferente a CVE-2009-2996. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6145 https://access.redhat.com/security/cve/CVE-2009-2985 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 10%CPEs: 85EXPL: 2

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de consumo de pila en Reader y Acrobat de Adobe versiones 9.1.3, 9.1.2, 9.1.1 y anteriores a versiones 9.x; versiones 8.1.6 y anteriores a versiones 8.x ; y posiblemente versiones 7.1.4 y anteriores a versiones 7.x, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo PDF con un gran número de caracteres [ (corchete abierto) en el argumento al método de alerta. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/33017 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/35148 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532 https://access.redhat.com/security/cve/CVE-2009-3431 https://bugzilla.redhat.com/show_bug.cgi?id=528665 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 83EXPL: 0

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. Reader versión 7 y Acrobat versiones 7 anteriores a 7.1.3 de Adobe, Reader versión 8 y Acrobat versiones 8 anteriores a 8.1.6 y Reader versión 9 y Acrobat versiones 9 anteriores a 9.1.2 de Adobe, permite a los atacantes causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario por medio de un documento PDF con una fuente TrueType diseñada. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 32%CPEs: 83EXPL: 0

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. Adobe Reader v7 y Acrobat v7 anteriores a v7.1.3, Adobe Reader v8 y Acrobat v8 anteriores a v8.1.6, y Adobe Reader v9 y Acrobat v9 anteriores a v9.1.2 podría permitir a atacantes ejecutar código arbitrario a través de vectores inespecíficos que inician la corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34580 http://secunia.com/advisories/35496 http://secunia.com/advisories/35655 http://secunia.com/advisories/35685 http://secunia.com/advisories/35734 http://security.gentoo.org/glsa/glsa-200907-06.xml http://securitytracker.com/id?1022361 http://www.adobe.com/support/security/bulletins/apsb09-07.html http:&# • CWE-399: Resource Management Errors •