CVSS: 6.9EPSS: 0%CPEs: 57EXPL: 0CVE-2011-0562 – acroread: critical APSB11-03
https://notcve.org/view.php?id=CVE-2011-0562
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows permite a usuarios locales conseguir privilegios a través de un archivo DLL Caballo de Troya en el directorio de trabajo actual, una vulnerabilidad diferente de CVE-2011-0570 y CVE-2011-0588. • http://secunia.com/advisories/43470 http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516399/100/0/threaded http://www.securityfocus.com/bid/46252 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://ov •
CVSS: 9.3EPSS: 0%CPEs: 57EXPL: 0CVE-2011-0564
https://notcve.org/view.php?id=CVE-2011-0564
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows utiliza permisos débiles para archivos sin especificar, que permite a los atacantes obtener privilegios a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12548 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2011-0587 – acroread: multiple XSS flaws (APSB11-03)
https://notcve.org/view.php?id=CVE-2011-0587
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2011-0604. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46251 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12217 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 57EXPL: 0CVE-2011-0588
https://notcve.org/view.php?id=CVE-2011-0588
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570. Vulnerabilidad de búsqueda en ruta no confiable en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows permite a usuarios locales conseguir privilegios a través de un archivo DLL caballo de Troya en el directorio de trabajo actual, una vulnerabilidad diferente de CVE-2011-0562 y CVE-2011-0570. • http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.securityfocus.com/bid/46254 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 https://exchange.xforce.ibmcloud.com/vulnerabilities/65293 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12378 •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2011-0604 – acroread: multiple XSS flaws (APSB11-03)
https://notcve.org/view.php?id=CVE-2011-0604
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.0 anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-0587. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46217 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65307 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12592 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •