CVSS: 8.8EPSS: 67%CPEs: 1EXPL: 2CVE-2007-0046 – Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0046
03 Jan 2007 — Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Doble vulnerabilidad en el Adobe Acrobat Reader Plugin anterior al 8.0.0, como el utilizado en el Mozilla Firefox 1.5.0.7, permite a atacantes remotos ejecutar código de su elección provocando un error mediante un javascript... • https://www.exploit-db.com/exploits/3084 •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-0047
https://notcve.org/view.php?id=CVE-2007-0047
03 Jan 2007 — CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Vulnerabilidad de inyección de CRLF en el Plugin de Adobe Acrobat Reader anterior al 8.0.0, cuando se utiliza con el objeto ActiveX Microsoft.XMLHTTP en el Int... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf •
CVSS: 9.3EPSS: 23%CPEs: 54EXPL: 0CVE-2006-5857
https://notcve.org/view.php?id=CVE-2006-5857
31 Dec 2006 — Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 46%CPEs: 9EXPL: 1CVE-2006-6236
https://notcve.org/view.php?id=CVE-2006-6236
03 Dec 2006 — Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. Adobe Reader (Adobe Acrobat Reader) 7.0 hasta 7.0.8 permite a un atacante remoto provocar denegación de servicio y posiblemente ejecutar código de su elección a tavés de un parámetro ... • http://research.eeye.com/html/alerts/zeroday/20061128.html •
CVSS: 9.8EPSS: 54%CPEs: 9EXPL: 3CVE-2006-6027 – Adobe Reader 7.0.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6027
21 Nov 2006 — Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. Adobe Reader (Adobe Acrobat Reader) 7.0 hasta 7.0.8 permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante un argumento de cadena largo al método LoadFile en el control ActiveX AcroPDF. • https://www.exploit-db.com/exploits/29076 •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2006-3452
https://notcve.org/view.php?id=CVE-2006-3452
12 Jul 2006 — Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. Adobe Reader y Acrobat 6.0.4 y anteriores en Mac OSX, tiene un archivo y permisos de directorio inseguros, lo que permite a usuarios locales obtener privilegios sobrescribiendo archivos de programa. • http://secunia.com/advisories/21016 •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2006-3093
https://notcve.org/view.php?id=CVE-2006-3093
19 Jun 2006 — Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. Múltiples vulnerabilidades no especificadas en Adobe Acrobat Reader (acroread) anterior a v7.0.8 tienen un impacto desconocido y vectores desconocidos. • http://secunia.com/advisories/20576 •
CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 0CVE-2006-1627
https://notcve.org/view.php?id=CVE-2006-1627
13 Apr 2006 — Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. • http://secunia.com/advisories/15924 •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
02 Feb 2006 — Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 16EXPL: 0CVE-2005-2470
https://notcve.org/view.php?id=CVE-2005-2470
16 Aug 2005 — Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. • http://secunia.com/advisories/16466 •