CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 2CVE-2007-5659 – Adobe Acrobat and Reader Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-5659
12 Feb 2008 — Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Múltiples desbordamientos de búfer en Adobe Reader and Acrobat 8.1.1 y anteriores permiten a atacantes remotos ejecutar código de su elección a través de ficheros PDF con argumentos largos de métodos no especificados de JavaScript. NOTA: esta cuestión podría ser subsu... • https://www.exploit-db.com/exploits/31114 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 32%CPEs: 2EXPL: 0CVE-2007-5663 – acroread JavaScript Insecure Method Exposure
https://notcve.org/view.php?id=CVE-2007-5663
12 Feb 2008 — Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Reader y Acrobat 8.1.1 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF manipulado que llama a un método JavaScript inseguro en el complemento EScript.api. NOTA: este problema podría estar incluido en CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5666 – acroread JavaScript Insecure Libary Search Path
https://notcve.org/view.php?id=CVE-2007-5666
12 Feb 2008 — Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.1 y anteriores permite a usuarios locales ejecutar código de su elección a través de una librería maliciosa del proveedor de Seguridad en el directorio de trabajo actual... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 2EXPL: 0CVE-2008-0726 – Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0726
11 Feb 2008 — Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Desbordamiento de tipo integer en Adobe Reader y Acrobat 8.1.1 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados a los printSepsWithParams, lo que dispara corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnera... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 40%CPEs: 2EXPL: 1CVE-2008-0655 – Adobe Acrobat and Reader Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2008-0655
07 Feb 2008 — Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en Adobe Reader y Acrobat anterior a la versión 8.1.2 tienen vectores de impacto y ataque desconocidos. Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. • http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 36%CPEs: 36EXPL: 1CVE-2007-0048
https://notcve.org/view.php?id=CVE-2007-0048
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." El Plugin de Adobe Acrobat Reader anterior al 8.0.0., cuando se usa con el Internet Explorer, permite a atacantes remo... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf •
CVSS: 6.1EPSS: 88%CPEs: 36EXPL: 5CVE-2007-0045
https://notcve.org/view.php?id=CVE-2007-0045
03 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, o... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 56%CPEs: 36EXPL: 2CVE-2007-0044 – Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0044
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar... • https://www.exploit-db.com/exploits/29383 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 88%CPEs: 54EXPL: 0CVE-2006-5857
https://notcve.org/view.php?id=CVE-2006-5857
31 Dec 2006 — Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2006-3452
https://notcve.org/view.php?id=CVE-2006-3452
12 Jul 2006 — Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. Adobe Reader y Acrobat 6.0.4 y anteriores en Mac OSX, tiene un archivo y permisos de directorio inseguros, lo que permite a usuarios locales obtener privilegios sobrescribiendo archivos de programa. • http://secunia.com/advisories/21016 •