CVSS: 5.0EPSS: 1%CPEs: 54EXPL: 0CVE-2015-3058 – Adobe Acrobat Pro Spell customDictionaryExport Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3058
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. This vulnerability allows remote attackers to leak memory addresses from Spell.api on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Spell object. By creating and exporting a custom dictionary, it is possible to leak memory addresses from Spell.api. • http://www.securityfocus.com/bid/74618 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-211 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 7%CPEs: 54EXPL: 0CVE-2015-3057 – Adobe Acrobat Reader Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3057
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3070, and CVE-2015-3076. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3070, y CVE-2015-3076. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue lies in the failure to properly initialize a variable prior to using it, leading to memory corruption. • http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-210 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 54EXPL: 0CVE-2015-3056 – Adobe Acrobat Reader Line Annotations Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3056
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3057, CVE-2015-3070, y CVE-2015-3076. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Line Annotations. A specially crafted Line Annotation can force Adobe Acrobat Reader to read memory past the end of an allocated object. • http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-209 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3060 – Adobe Acrobat Reader indexOfNextEssential Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3060
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the indexOfNextEssential method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-208 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 4%CPEs: 54EXPL: 0CVE-2015-3065 – Adobe Acrobat Reader Matrix2D transform Javascript API Restrictions Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3065
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permite a atacantes evadir restricciones intencionadas en la ejecución de la API JavaScript a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073 y CVE-2015-3074. This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Matrix2D transform method. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. • http://www.securityfocus.com/bid/74604 http://www.securitytracker.com/id/1032284 http://www.zerodayinitiative.com/advisories/ZDI-15-199 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-284: Improper Access Control •