CVE-2014-0567 – Adobe Reader replace() Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0567
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561. Desbordamiento de buffer basado en memoria dinámica en Adobe Reader y Acrobat 10.x anterior a 10.1.12 y 11.x anterior a 11.0.09 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0561. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the replace() JavaScript function. By creating a specially crafted string followed by a replace call with specific arguments, an attacker can force a heap buffer to overflow. • http://helpx.adobe.com/security/products/reader/apsb14-20.html http://www.securityfocus.com/bid/69827 http://www.securitytracker.com/id/1030853 https://exchange.xforce.ibmcloud.com/vulnerabilities/95999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0546 – Adobe Acrobat and Reader Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-0546
Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.11 y 11.x anterior a 11.0.08 en Windows permiten a atacantes evadir un mecanismo de protección sandbox, y como consecuencia ejecutar código nativo en un contexto privilegiado, a través de vectores no especificados. Adobe Acrobat and Reader on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. • http://helpx.adobe.com/security/products/reader/apsb14-19.html http://www.securitytracker.com/id/1030711 •
CVE-2014-0523
https://notcve.org/view.php?id=CVE-2014-0523
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0524, and CVE-2014-0526. Adobe Reader y Acrobat 10.x anterior a 10.1.10 y 11.x anterior a 11.0.07 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de memoria (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0522, CVE-2014-0524 y CVE-2014-0526. • http://helpx.adobe.com/security/products/reader/apsb14-15.html https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1074 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0521
https://notcve.org/view.php?id=CVE-2014-0521
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. Adobe Reader y Acrobat 10.x anterior a 10.1.10 y 11.x anterior a 11.0.07 en Windows y OS X no implementen debidamente APIs JavaScript, lo que permite a atacantes remotos obtener información sensible a través de un documento PDF manipulado. • http://helpx.adobe.com/security/products/reader/apsb14-15.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0522
https://notcve.org/view.php?id=CVE-2014-0522
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526. Adobe Reader y Acrobat 10.x anterior a 10.1.10 y 11.x anterior a 11.0.07 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0523, CVE-2014-0524 y CVE-2014-0526. • http://helpx.adobe.com/security/products/reader/apsb14-15.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •