Page 39 of 358 results (0.011 seconds)

CVSS: 9.3EPSS: 34%CPEs: 59EXPL: 0

The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una imagen, una vulnerabilidad diferente de CVE-2011-0596, CVE-2011-0598, y CVE-2011 0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of rt3d.dll. When allocating a destination buffer for handling 4/8-bit RLE compressed bitmaps, the process uses the bitmap bits per pixel and number of colors values directly. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516314 http://www.securityfocus.com/bid/46220 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-072 https://oval.cisecurity.org/repository/sear • CWE-20: Improper Input Validation •

CVSS: 9.7EPSS: 33%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516312 http://www.securityfocus.com/bid/46212 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-070 https://oval.cisecurity.org/repository/sear • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 46%CPEs: 59EXPL: 0

The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. El componente U3D de Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo 3D con un recuento de nodos principales no válido que activa un cálculo de tamaño inapropiado y la corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593 y CVE-2011-0595. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516316/100/0/threaded http://www.securityfocus.com/bid/46213 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-074 https://oval.cisecurity. • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 79%CPEs: 59EXPL: 0

Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602. Un desbordamiento de enteros en la biblioteca ACE.dll en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de datos ICC creados, esta es una vulnerabilidad diferente a los CVE-2011-0596, CVE-2011-0599 y CVE-2011-0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516315/100/0/threaded http://www.securityfocus.com/bid/46219 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-073 https://exchange.xforce. • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 27%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use a supplied size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46211 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12258 htt • CWE-20: Improper Input Validation •