CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41833 – ZDI-CAN-24310: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-41833
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41834 – ZDI-CAN-24311: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-41834
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34130 – Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration
https://notcve.org/view.php?id=CVE-2024-34130
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. Las versiones 24.4.2.33155 y anteriores de Acrobat Mobile Sign para Android se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar la omisión de una función de seguridad. Un atacante podría aprovechar esta vulnerabilidad para acceder a información confidencial. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34129 – Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths
https://notcve.org/view.php?id=CVE-2024-34129
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not requires user interaction and attack complexity is high. Las versiones 24.4.2.33155 y anteriores de Acrobat Mobile Sign para Android se ven afectadas por una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría provocar una omisión de la función de seguridad. Un atacante podría aprovechar esta vulnerabilidad para acceder a archivos y directorios que están fuera del directorio restringido y también para sobrescribir archivos arbitrarios. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30279 – ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30279
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones de Acrobat Reader 20.005.30574, 24.002.20736 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los límites que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-787: Out-of-bounds Write •