CVE-2010-4091 – Acrobat Reader 9.4 - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-4091
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. El plugin EScript.api en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.1 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF creado que desencadena una corrupción de memoria, que involucran a la función printSeps. NOTA: algunos de estos datos se consiguen de la información de terceros. • https://www.exploit-db.com/exploits/15419 http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://osvdb.org/69005 http://secunia.com/advisories/42095 http://secunia.com/advisories/42401 http://secunia.com/advisories/43025 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3654 – Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
https://notcve.org/view.php?id=CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, Mac OS X, Linux y Solaris y versión 10.1.95.1 en Android, y authplay.dll (también se conoce como AuthPlayLib.bundle o libauthplay.so.0.0.0) en Reader y Acrobat de Adobe versiones 9.x hasta 9.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de contenido SWF diseñado, como se explotó “in the wild” en octubre de 2010. • https://www.exploit-db.com/exploits/17187 https://www.exploit-db.com/exploits/16667 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3658 – acroread: multiple code execution flaws (APSB10-21)
https://notcve.org/view.php?id=CVE-2010-3658
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. Adobe Reader y Acrobat v9.x anterior a v9.4, y v8.x anterior a v8.2.5 en Windows y Mac OS X, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar. Una vulnerabilidad diferente de CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2890 – acroread: multiple code execution flaws (APSB10-21)
https://notcve.org/view.php?id=CVE-2010-2890
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 en Windows y Mac OS X, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. Una vulnerabilidad diferente de CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, y CVE-2010-3658. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/43025 http://security.gentoo.org/glsa/glsa-201101-08.xml http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.redhat.com/support/errata/RHSA-2010-0743.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html http://www.vupen.com/english/advisories/2011/0191 https://oval.cisecurit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3624
https://notcve.org/view.php?id=CVE-2010-3624
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Vulnerabilidad no especificada en Adobe Reader y Acrobat v8.x anterior a v8.2.5 y v9.x anterior a v9.4 en Mac OS X, permite a atacantes ejecutar código de su elección a través de una imagen manipulada. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://www.adobe.com/support/security/bulletins/apsb10-21.html http://www.us-cert.gov/cas/techalerts/TA10-279A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14402 • CWE-20: Improper Input Validation •