CVSS: 9.3EPSS: 29%CPEs: 74EXPL: 0CVE-2011-2435 – Adobe Reader PICT Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2435
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búffer en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacanes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14143 https://access.redhat.com/security/cve/CVE-2011-2435 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 29%CPEs: 74EXPL: 0CVE-2011-2441 – Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2441
Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en CoolType.dll in Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles compound glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign extension occurs resulting in a buffer under-read. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14044 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 74EXPL: 0CVE-2011-2439 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2439
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability." Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6 y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, relacionado con una "vulnerabilidad de condición de pérdida de memoria". • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14041 https://access.redhat.com/security/cve/CVE-2011-2439 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 74EXPL: 0CVE-2011-2431 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2431
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability." Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacanes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14022 https://access.redhat.com/security/cve/CVE-2011-2431 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 29%CPEs: 74EXPL: 0CVE-2011-2432 – Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2432
Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búffer en U3D TIFF Resource en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacanes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031 https://access.redhat.com/security/cve/CVE-2011-2432 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •