Page 44 of 301 results (0.007 seconds)

CVSS: 9.3EPSS: 17%CPEs: 49EXPL: 0

CVE-2010-3621 – Adobe Reader ICC Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3621

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 en Windows y Mac OS X, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. Una vulnerabilidad diferente de CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, y CVE-2010-3658. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 17%CPEs: 49EXPL: 0

CVE-2010-3622 – Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3622

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. Vulnerabilidad no especificada en Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, y CVE-2010-3658. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 83%CPEs: 164EXPL: 0

CVE-2010-2884 – Flash: crash or potential arbitrary code execution (APSB10-22)

https://notcve.org/view.php?id=CVE-2010-2884

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. Vulnerabilidad sin especificar en Adobe Flash Player v10.1.82.76 y anteriores para Windows, Macintosh, Linux, Solaris; Flash Player v10.1.92.10 para Android; Reader v9.3.4 para Windows, Macintosh and UNIX; y Acrobat v9.3.4 y anteriores para Windows y Macintosh permite a los atacantes remotos causar una denegación de servicio (caída) y ejecutar código a su elección a través de vectores desconocidos, se explota activamente desde Septiembre de 2010. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41434 http://secunia.com/advisories/41435 http://secunia.com/advisories/41443 http://secunia.com/advisories/41526 http://secunia.com/advisories/43025 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-08. •

CVSS: 9.3EPSS: 96%CPEs: 8EXPL: 2

CVE-2010-2883 – Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2010-2883

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca CoolType.dll en Adobe Reader y Acrobat versión 9.x anterior a 9.4 y versión 8.x anterior a 8.2.5 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF con un campo largo en una tabla Smart INdependent Glyphlets (SING) en una fuente TTF, tal y como se explotó “in the wild” en septiembre de 2010. NOTA: algunos de estos datos se consiguen de la información de terceros. Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/16619 https://www.exploit-db.com/exploits/16494 http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41340 http:/ • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 5%CPEs: 48EXPL: 0

CVE-2010-1285 – acroread: multiple code execution flaws (APSB10-15)

https://notcve.org/view.php?id=CVE-2010-1285

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201. Adobe Reader y Acrobat versión 9.x anterior a 9.3.3 y versión 8.x anterior a 8.2.3 en Windows y Mac OS X, permiten a los atacantes ejecutar código arbitrario por medio de manipulaciones no especificadas que involucre el operador newclass (0x58) y una "invalid pointer vulnerability" que desencadena corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2010-2168 y CVE-2010-2201. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/archive/1/512099 http://www.securityfocus.com/bid/41232 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6725 https://access.redhat.com/security/cve/CVE-2010-1285 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •