CVSS: 9.3EPSS: 46%CPEs: 59EXPL: 0CVE-2011-0600 – Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0600
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. El componente U3D de Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo 3D con un recuento de nodos principales no válido que activa un cálculo de tamaño inapropiado y la corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593 y CVE-2011-0595. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516316/100/0/threaded http://www.securityfocus.com/bid/46213 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-074 https://oval.cisecurity. • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 72%CPEs: 59EXPL: 0CVE-2011-0567 – Adobe Reader Controlled memset Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0567
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada, una vulnerabilidad diferente de CVE-2011-0566 y CVE-2011-0603. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AcroRd32.dll. Initially, a pointer passed to memset can be miscalculated and the resulting copy operation corrupts heap memory. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46199 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12248 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 27%CPEs: 59EXPL: 0CVE-2011-0592 – Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0592
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46210 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11819 htt • CWE-20: Improper Input Validation •
CVSS: 9.7EPSS: 33%CPEs: 59EXPL: 0CVE-2011-0595 – Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0595
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516312 http://www.securityfocus.com/bid/46212 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-070 https://oval.cisecurity.org/repository/sear • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 37%CPEs: 59EXPL: 0CVE-2011-0590 – Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0590
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595 y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12621 https://access.redhat.com/security/cve/CVE-2011-0590 https://bugzilla.redhat.com/show_bug.cgi • CWE-20: Improper Input Validation •