Page 55 of 279 results (0.020 seconds)

CVSS: 9.3EPSS: 27%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46209 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12558 htt • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 72%CPEs: 59EXPL: 0

AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada, una vulnerabilidad diferente de CVE-2011-0566 y CVE-2011-0603. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AcroRd32.dll. Initially, a pointer passed to memset can be miscalculated and the resulting copy operation corrupts heap memory. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46199 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12248 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 34%CPEs: 59EXPL: 0

The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una imagen, una vulnerabilidad diferente de CVE-2011-0596, CVE-2011-0598, y CVE-2011 0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of rt3d.dll. When allocating a destination buffer for handling 4/8-bit RLE compressed bitmaps, the process uses the bitmap bits per pixel and number of colors values directly. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516314 http://www.securityfocus.com/bid/46220 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-072 https://oval.cisecurity.org/repository/sear • CWE-20: Improper Input Validation •

CVSS: 9.7EPSS: 33%CPEs: 59EXPL: 0

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de un archivo 3D, una vulnerabilidad diferente de CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, y CVE-2011-0600. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516312 http://www.securityfocus.com/bid/46212 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-070 https://oval.cisecurity.org/repository/sear • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 46%CPEs: 59EXPL: 0

The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. El componente U3D de Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo 3D con un recuento de nodos principales no válido que activa un cálculo de tamaño inapropiado y la corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593 y CVE-2011-0595. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516316/100/0/threaded http://www.securityfocus.com/bid/46213 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-074 https://oval.cisecurity. • CWE-20: Improper Input Validation •