CVE-2011-0594 – acroread: critical APSB11-03
https://notcve.org/view.php?id=CVE-2011-0594
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una fuente. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46216 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65299 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12444 htt • CWE-20: Improper Input Validation •
CVE-2011-0586 – acroread: critical APSB11-03
https://notcve.org/view.php?id=CVE-2011-0586
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X no valida correctamente la entrada de datos no especificados, que permite a los atacantes ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46214 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535 htt • CWE-20: Improper Input Validation •
CVE-2011-0604 – acroread: multiple XSS flaws (APSB11-03)
https://notcve.org/view.php?id=CVE-2011-0604
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.0 anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-0587. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46217 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65307 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12592 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-0587 – acroread: multiple XSS flaws (APSB11-03)
https://notcve.org/view.php?id=CVE-2011-0587
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2011-0604. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46251 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12217 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-0605
https://notcve.org/view.php?id=CVE-2011-0605
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2 y v8.0 anterior a v8.2.6 en Mac OS X permiten a los atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar. • http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.securityfocus.com/bid/46200 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 https://exchange.xforce.ibmcloud.com/vulnerabilities/65308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13890 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •