Page 40 of 222 results (0.008 seconds)

CVSS: 9.3EPSS: 31%CPEs: 8EXPL: 0

CVE-2008-4814 – Reader: arbitrary code execution via unspecified JavaScript method

https://notcve.org/view.php?id=CVE-2008-4814

Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." Vulnerabilidad no especificada en un método JavaScript en Adobe Reader y Acrobat 8.1.2 y anteriores permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Esté relacionado con un "tema de validación de entrada". • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.adobe.com/support/security/bulletins/apsb09-04.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.skyrecon • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-4815 – Reader: insecure RPATH flaw

https://notcve.org/view.php?id=CVE-2008-4815

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/cas/techalerts/TA08-309A.html http://www.vupen.com/eng • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 35%CPEs: 8EXPL: 0

CVE-2008-4812 – Reader: embedded font handling out-of-bounds array indexing

https://notcve.org/view.php?id=CVE-2008-4812

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. Error de índice de array en Adobe Reader y Acrobat, y la extensión de Explorer (también conocida como AcroRd32Info), v8.1.2, v8.1.1 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que provoca una escritura fuera de rango. Está relacionado con la validación de Tipo de fuentes 1. • http://download.oracle.com/sunalerts/1019937.1.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 http://www.adobe.com/support/security/bulletins/apsb08- • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 36%CPEs: 9EXPL: 0

CVE-2008-4817 – Reader: Download Manager input validation flaw

https://notcve.org/view.php?id=CVE-2008-4817

The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. El Gestor de Descargas (Download Manager) de Adobe Acrobat Professional y Reader v8.1.2 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que llama a una función AcroJS con un argumento de cadena larga provocando una corrupción del montículo. • http://download.oracle.com/sunalerts/1019937.1.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49541 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/ca • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 97%CPEs: 64EXPL: 5

CVE-2008-2992 – Adobe Reader and Acrobat Input Validation Vulnerability

https://notcve.org/view.php?id=CVE-2008-2992

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un argumento de cadena de formato creado, un problema relacionado con el CVE-2008-1104. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. • https://www.exploit-db.com/exploits/16504 https://www.exploit-db.com/exploits/16624 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://osvdb.org/49520 http://secunia.com/advisories/29773 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •