Page 40 of 222 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/cas/techalerts/TA08-309A.html http://www.vupen.com/eng • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 38%CPEs: 8EXPL: 0

Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." Vulnerabilidad no especificada en un método JavaScript en Adobe Reader y Acrobat 8.1.2 y anteriores permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Esté relacionado con un "tema de validación de entrada". • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.adobe.com/support/security/bulletins/apsb09-04.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.skyrecon • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 42%CPEs: 8EXPL: 0

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. Error de índice de array en Adobe Reader y Acrobat, y la extensión de Explorer (también conocida como AcroRd32Info), v8.1.2, v8.1.1 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que provoca una escritura fuera de rango. Está relacionado con la validación de Tipo de fuentes 1. • http://download.oracle.com/sunalerts/1019937.1.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 http://www.adobe.com/support/security/bulletins/apsb08- • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 43%CPEs: 9EXPL: 0

The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. El Gestor de Descargas (Download Manager) de Adobe Acrobat Professional y Reader v8.1.2 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que llama a una función AcroJS con un argumento de cadena larga provocando una corrupción del montículo. • http://download.oracle.com/sunalerts/1019937.1.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49541 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/ca • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 76%CPEs: 8EXPL: 0

Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing. Adobe Reader y Acrobat v8.1.2 y anteriores; permiten a atacantes remotos ejecutar código de su elección a través de un PDF manipulado que (1) realiza acciones no especificadas en un objecto Collab que provoca una corrupción de memoria, relacionado con le método GetCosObj; o (2) contiene un objecto PDF mal formado que provoca una corrupción de memoria en una validación. This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when processing malicious javascript contained in a PDF document. When creating a Collab object and performing a specific sequence of actions on it, memory corruption occurs potentially resulting in remote code execution. • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://securityreason.com/securityalert/4564 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.adobe.com/support/security/bulletins/apsb09-04.html http://www.redhat.com/support/errata/RHSA-2008-0974.htm • CWE-399: Resource Management Errors •