CVSS: 10.0EPSS: 2%CPEs: 52EXPL: 0CVE-2012-0776
https://notcve.org/view.php?id=CVE-2012-0776
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. El instalador en Adobe Reader v9.x anteriores a v9.5.1 y v10.x anterior a la v10.1.3 permite a atacantes evitar las restricciones de acceso y ejecutar código a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb12-08.html http://www.securitytracker.com/id?1026908 http://www.us-cert.gov/cas/techalerts/TA12-101B.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15270 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 22%CPEs: 53EXPL: 0CVE-2011-4369 – acroread: unspecified vulnerability in PRC component (APSB11-30)
https://notcve.org/view.php?id=CVE-2011-4369
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. Vulnerabilidad sin especificar en el componente PRC de Adobe Reader y Acrobat 9.x en versiones anteriores a la 9.4.7 en Windows, Adobe Reader y Acrobat 9.x hasta la 9.4.6 en Mac OS X, Adobe Reader y Acrobat 10.x hasta la 10.1.1 en Windows y Mac OS X, y Adobe Reader 9.x hasta la 9.4.6 en UNIX. Permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de vectores desconocidos, como se ha explotado en diciembro del 2011. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html http://www.adobe.com/support/security/bulletins/apsb11-30.html http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.redhat.com/support/errata/RHSA-2012-0011.html http://www.securityfocus.com/bid/51092 http://www.us-cert.gov/cas/techalerts/TA11-350A.html https://oval.cisecurity.org/repository/search/definition/oval%3Ao •
CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 1CVE-2011-2462 – Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2011-2462
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. Vulnerabilidad no especificada en el componente de U3D en Adobe Reader y Acrobat v10.1.1 y versiones anteriores para Windows y Mac OS X, y Adobe Reader v9.x hasta v9.4.6 en UNIX, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, explotado "in the wild" en diciembre de 2011. The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/18366 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html http://www.adobe.com/support/security/advisories/apsa11-04.html http://www.adobe.com/support/security/bulletins/apsb11-30.html http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.redhat.com/support/errata/RHSA-2012-0011.html http://www.us-cert.gov/cas/techalerts/TA11-350A • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 74EXPL: 0CVE-2011-2438 – Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2438
Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en la librería image-parsing en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an malformed .BMP image containing Run Length Encoded data it fails to perform sufficient boundary checks on the data. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13892 https://access.redhat.com/security/cve/CVE-2011-2438 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 74EXPL: 0CVE-2011-2442 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2442
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability." Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, relacionado con una "vulnerabilidad de error lógico". • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14042 https://access.redhat.com/security/cve/CVE-2011-2442 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-20: Improper Input Validation •