CVE-2011-0592 – Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0592
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46210 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11819 htt • CWE-20: Improper Input Validation •
CVE-2010-4091 – Acrobat Reader 9.4 - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-4091
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. El plugin EScript.api en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.1 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF creado que desencadena una corrupción de memoria, que involucran a la función printSeps. NOTA: algunos de estos datos se consiguen de la información de terceros. • https://www.exploit-db.com/exploits/15419 http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://osvdb.org/69005 http://secunia.com/advisories/42095 http://secunia.com/advisories/42401 http://secunia.com/advisories/43025 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3658 – acroread: multiple code execution flaws (APSB10-21)
https://notcve.org/view.php?id=CVE-2010-3658
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. Adobe Reader y Acrobat v9.x anterior a v9.4, y v8.x anterior a v8.2.5 en Windows y Mac OS X, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar. Una vulnerabilidad diferente de CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2890 – acroread: multiple code execution flaws (APSB10-21)
https://notcve.org/view.php?id=CVE-2010-2890
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 en Windows y Mac OS X, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. Una vulnerabilidad diferente de CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, y CVE-2010-3658. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3624
https://notcve.org/view.php?id=CVE-2010-3624
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Vulnerabilidad no especificada en Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 en Mac OS X, permite a atacantes ejecutar código de su elección a través de una imagen manipulada. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14402 • CWE-20: Improper Input Validation •