Page 50 of 391 results (0.015 seconds)

CVSS: 9.3EPSS: 4%CPEs: 75EXPL: 0

Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097. Desbordamiento de búfer en Adobe Reader y Acrobat v8.x antes de v8.3, v9.x antes de v9.4.5, y v10.x antes de v10.1 en Windows y Mac OS X permite a los atacantes ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-2094 y CVE-2011-2097. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by the tesselate.x3d plugin. The application will duplicate an arbitrarily sized string from the file into a statically sized buffer located on the stack. • http://www.adobe.com/support/security/bulletins/apsb11-16.html http://www.securitytracker.com/id?1025658 http://www.us-cert.gov/cas/techalerts/TA11-166A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13983 https://access.redhat.com/security/cve/CVE-2011-2095 https://bugzilla.redhat.com/show_bug.cgi?id=720622 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 4%CPEs: 75EXPL: 0

Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097. Desbordamiento de búfer en Adobe Reader 8.x, anterior de Acrobat 8.3, 9.x anterior de 9.4.5, y 10.x anteror de 10.1 en Windows y Mac OS X que permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2011 -2095 y CVE-2011-2097. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. • http://www.adobe.com/support/security/bulletins/apsb11-16.html http://www.securitytracker.com/id?1025658 http://www.us-cert.gov/cas/techalerts/TA11-166A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13747 https://access.redhat.com/security/cve/CVE-2011-2094 https://bugzilla.redhat.com/show_bug.cgi?id=720622 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player anteriores a v10.3.181.22 en Windows, Mac OS X, Linux, y Solaris, y v10.3.185.22 y anteriores en Android, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos, relacionado con "vulnerabilidad universal de ejecución de comandos en sitios cruzados". • http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html http://secunia.com/advisories/44846 http://secunia.com/advisories/44847 http://secunia.com/advisories/44871 http://secunia.com/advisories/44872 http://secunia.com/advisories/44946 http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-13.html http://www.blackberry.com/btsc/KB27240 http://www.redhat.com/support/errata/RHSA-2011-0850.html http://www.securityfocus.com/bid&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 1%CPEs: 59EXPL: 0

The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. La librería CoolType v9.x en Adobe Reader antes de v9.4.4 y v10.x hasta v10.0.1 para Windows, Adobe Reader v9.x antes de v9.4.4 y v10.x antes de v10.0.3 para MacOS X, y Adobe Acrobat v9.x antes de v9.4.4 y v10.x antes de v10.0.3 para Windows y MacOS X permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb11-08.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13967 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 97%CPEs: 28EXPL: 5

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. Adobe Flash Player anterior a la versión 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versión 2.6.19140; y Authplay.dll (también se conoce como AuthPlayLib.bundle) en Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x hasta 10.0.1 en Windows, Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de aplicación) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tamaño en un "group of included constants", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011. Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. • https://www.exploit-db.com/exploits/17473 https://www.exploit-db.com/exploits/17175 http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://lists.opensuse.org/open • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •