CVSS: 9.3EPSS: 11%CPEs: 48EXPL: 0CVE-2010-2212 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-2212
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211. Un desbordamiento de búfer en Adobe Reader y Acrobat versión 9.x anterior a 9.3.3 y versión 8.x anterior a 8.2.3 en Windows y Mac OS X, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un archivo PDF que contiene contenido Flash con una etiqueta #1023 (3FFh) creada, esta es una vulnerabilidad diferente a los CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210 y CVE-2010-2211. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/archive/1/512095/100/0/threaded http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6798 https://access.redhat.com/security/cve/CVE-2010-2212 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 48EXPL: 1CVE-2010-2204 – Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2204
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, permite a atacantes generar una denegación de servicio o ejecutar código arbitrario mediante vectores desconocidos Adobe Reader suffers from a remote memory corruption vulnerability that causes the application to crash while processing the malicious .PDF file. The issue is triggered when the reader tries to initialize the CoolType Typography Engine (cooltype.dll). Version 9.3.2 is affected. • https://www.exploit-db.com/exploits/14121 http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41231 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7242 https://access.redhat.com/security/cve/CVE-2010-2204 https://bugzilla.redhat.com/show_bug.cgi?id=609203 •
CVSS: 10.0EPSS: 27%CPEs: 48EXPL: 0CVE-2010-2202 – Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2202
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. Vulnerabilidad en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad distinta a CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a PDF file containing a malformed CLOD Progressive Mesh Continuation Resolution Update. Specific values can cause a memory corruption during floating point operations which can be subsequently leveraged to achieve arbitrary code execution under the privileges of the current user. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41234 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7336 https://access.redhat.com/security/cve/CVE-2010-2202 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 28EXPL: 0CVE-2010-1278 – Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. Desbordamiento de búfer en el control ActiveX Atlcom.get_atlcom de gp.ocx de Adobe Download Manager, como el que se utiliza en Adobe Reader y Acrobat v8.x anterior a 8.2 y v9.x anterior a 9.3, permite a atacantes remotos ejecutar código de su elección mediante parámetros no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the gp.ocx ActiveX control. This control has a CLSID of {E2883E8F-472F-4fb0-9522-AC9BF37916A7} and the ProgID Atlcom.get_atlcom. • http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.securityfocus.com/archive/1/510868/100/0/threaded http://www.securitytracker.com/id?1023908 http://www.zerodayinitiative.com/advisories/ZDI-10-077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 40EXPL: 0CVE-2010-0190 – Acroread: Multiple code execution flaws (APSB10-09)
https://notcve.org/view.php?id=CVE-2010-0190
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anteior v8.2.2 en Windows y Mac OS X, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6986 https://access.redhat.com/security/cve/CVE-2010-0190 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •