Page 60 of 356 results (0.009 seconds)

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2009-1597

https://notcve.org/view.php?id=CVE-2009-1597

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." Mozilla Firefox ejecuta llamadas a DOM en respuesta a un "javascript: URI" en el atributo target de un elemento submit en un formulario contenido en un fichero PDF, lo que podría permitir a atacantes remotos eludir las restricciones JavaScript al acceder al objeto de documento, como lo demuestran un sitio web que permite subir archivos PDF por usuarios no confiables, y por lo tanto disponer de un document.domain compartido entre el sitio web y este "javascript: URI". NOTA: El investigador informa de que la posición de Adobe es "un archivo PDF es contenido activo". • http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf http://www.securityfocus.com/archive/1/503183/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 96%CPEs: 6EXPL: 3

CVE-2009-1492 – Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution

https://notcve.org/view.php?id=CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. El método getAnnots Doc en la API de JavaScript en Adobe Reader y Acrobat v9.1, v8.1.4, v7.1.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o ejecutar código arbitrario a través de un archivo PDF que contiene una anotación, y tiene una entrada OpenAction con el código JavaScript que llama a este método con argumentos enteros elaborados. • https://www.exploit-db.com/exploits/8569 http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://osvdb.org/54130 http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt& • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 0

CVE-2009-1061 – acroread: multiple JBIG2-related security flaws

https://notcve.org/view.php?id=CVE-2009-1061

Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062. Vulnerabilidad inespecífica en Adobe Acrobat Reader v9 anteriores a v9.1, v8 anteriores a v8.1.4, y v7 anteriores a v7.1.1 permitiría a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos relacionados con JBIG2 y la "validación de entrada", una vulnerabilidad diferente de CVE-2009-0193 y CVE-2009-1062. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://w • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 56%CPEs: 99EXPL: 0

CVE-2009-0928 – acroread: multiple JBIG2-related security flaws

https://notcve.org/view.php?id=CVE-2009-0928

Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table. Desbordamiento de búfer basado en montículo en Adobe Acrobat Reader y Acrobat Professional v7.1.0, v8.1.3, v9.0.0 y otras versiones, permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF que contiene una cadena JBIG2 con un tamaño inconsistente relacionado con una tabla sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 12%CPEs: 70EXPL: 0

CVE-2009-1062 – acroread: multiple JBIG2-related security flaws

https://notcve.org/view.php?id=CVE-2009-1062

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4 y versión 7 anterior a 7.1.1 podría permitir a los atacantes remotos desencadenar una corrupción de memoria y posiblemente ejecutar código arbitrario por medio de vectores de ataque desconocidos relacionados con JBIG2, una vulnerabilidad diferente a las CVE-2009-0193 y CVE-2009-1061. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://w • CWE-20: Improper Input Validation •