Page 54 of 300 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 50EXPL: 0

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." Adobe Reader y Acrobat v7.x anteriores a v7.1.4, 8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 en Unix, cuando el modo Debug está activado, permite a atacantes ejecutar código de su elección a través de vectores de ataque sin especificar, relacionados con un "bug" (error o fallo de diseño) de formato. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6429 https://access.redhat.com/security/cve/CVE-2009-3462 https://bugzilla.redhat.com/show_bug.cgi?id=528659 •

CVSS: 9.3EPSS: 23%CPEs: 50EXPL: 0

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. JavaScript en la API de Acrobat de Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no implementa apropiadamente el (1) "Privileged Context" (contexto privilegidado) y (2) restricciones de "Safe Path" (ruta segura) para métodos de JavaScript sin especificar. Lo que permite a atacantes remotos crear ficheros de su elección, y posiblemente ejecutar código de su elección, a través del parámetro cPath en un fichero PDF modificado. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.kb.cert.org/vuls/id/257117 http://www.securityfocus.com/bid/36638 http://www.securityfocus.com/bid/36664 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5822 https://access.redhat.com/security/cve/CVE-2009-2993 https:/&#x • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 79%CPEs: 50EXPL: 0

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no validan los datos de entrada apropiadamente, lo que puede permitir a los atacantes ejecutar código de su elección a través de vectores de ataque sin especificar. Es una vulnerabilidad distinta a la CVE-2009-2998. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6499 https://access.redhat.com/security/cve/CVE-2009-3458 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 1%CPEs: 50EXPL: 0

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica (heap) en Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7, y v9.x anteriores a v9.2 permite a atacantes ejecutar código de su elección mediante vectores no especificados. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6481 https://access.redhat.com/security/cve/CVE-2009-2997 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 79%CPEs: 50EXPL: 0

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7, y v9.x anteriores a v9.2 no valida adecuadamente la entrada, permitiendo a atacantes ejecutar código de su elección mediante vectores no especificados, siendo una vulnerabilidad diferente que CVE-2009-3458. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6418 https://access.redhat.com/security/cve/CVE-2009-2998 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-20: Improper Input Validation •