Page 54 of 279 results (0.012 seconds)

CVSS: 6.9EPSS: 0%CPEs: 57EXPL: 0

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows permite a usuarios locales conseguir privilegios a través de un archivo DLL Caballo de Troya en el directorio de trabajo actual, una vulnerabilidad diferente de CVE-2011-0570 y CVE-2011-0588. • http://secunia.com/advisories/43470 http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516399/100/0/threaded http://www.securityfocus.com/bid/46252 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://ov •

CVSS: 9.3EPSS: 9%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una imagen, una vulnerabilidad diferente de CVE-2011-0596, CVE-2011-0598, y CVE-2011 0599. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891 http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46221 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 33%CPEs: 59EXPL: 0

Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca rt3d.dll en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de vectores no especificados relacionados con un valor de longitud creado, esta es una vulnerabilidad diferente a los CVE-2011-0563 y CVE-2011-0589. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516317/100/0/threaded http://www.securityfocus.com/bid/46201 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65309 https://oval.cisecurity. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 22%CPEs: 59EXPL: 0

The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una imagen, una vulnerabilidad diferente de CVE-2011-0598, CVE-2011-0599, y CVE-2011-0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of 2d.dll. When allocating a destination buffer for handling RLE_8 compressed bitmaps the process uses the bitmap height and width values directly. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11921 https://access.redhat.com/security/cve/CVE-2011-0596 https://bugzilla.redhat.com/show_bug.cgi • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 37%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595 y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12621 https://access.redhat.com/security/cve/CVE-2011-0590 https://bugzilla.redhat.com/show_bug.cgi • CWE-20: Improper Input Validation •