CVSS: 9.3EPSS: 11%CPEs: 48EXPL: 0CVE-2010-2206 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-2206
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow. Error de índice de matriz en archivo AcroForm.api en Adobe Reader y Acrobat versión 9.x anterior a 9.3.3 y versión 8.x anterior a 8.2.3 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de una imagen GIF creada en un archivo PDF, lo que omite una comprobación de tamaño y desencadena un desbordamiento de búfer en la región heap de la memoria. • http://secunia.com/secunia_research/2010-88 http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/archive/1/512092/100/0/threaded http://www.securityfocus.com/bid/41241 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200 https://access.redhat.com/security/cve/CVE-2010-2206 https://bugzilla.redhat.com/show_bug.cg • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 29%CPEs: 48EXPL: 0CVE-2010-2210 – acroread: multiple code execution flaws (APSB10-15)
https://notcve.org/view.php?id=CVE-2010-2210
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212. Vulnerabilidad en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad distinta a CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41242 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6929 https://access.redhat.com/security/cve/CVE-2010-2210 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 48EXPL: 1CVE-2010-2204 – Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2204
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, permite a atacantes generar una denegación de servicio o ejecutar código arbitrario mediante vectores desconocidos Adobe Reader suffers from a remote memory corruption vulnerability that causes the application to crash while processing the malicious .PDF file. The issue is triggered when the reader tries to initialize the CoolType Typography Engine (cooltype.dll). Version 9.3.2 is affected. • https://www.exploit-db.com/exploits/14121 http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41231 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7242 https://access.redhat.com/security/cve/CVE-2010-2204 https://bugzilla.redhat.com/show_bug.cgi?id=609203 •
CVSS: 10.0EPSS: 27%CPEs: 48EXPL: 0CVE-2010-2202 – Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2202
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. Vulnerabilidad en Adobe Reader y Acrobat v9.x anteriores a v9.3.3, y v8.x anteriores a v8.2.3 en Windows y Mac OS X, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, una vulnerabilidad distinta a CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a PDF file containing a malformed CLOD Progressive Mesh Continuation Resolution Update. Specific values can cause a memory corruption during floating point operations which can be subsequently leveraged to achieve arbitrary code execution under the privileges of the current user. • http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securityfocus.com/bid/41234 http://www.securitytracker.com/id?1024159 http://www.vupen.com/english/advisories/2010/1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7336 https://access.redhat.com/security/cve/CVE-2010-2202 https://bugzilla.redhat.com/show_bug.cgi?id=609203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 28EXPL: 0CVE-2010-1278 – Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. Desbordamiento de búfer en el control ActiveX Atlcom.get_atlcom de gp.ocx de Adobe Download Manager, como el que se utiliza en Adobe Reader y Acrobat v8.x anterior a 8.2 y v9.x anterior a 9.3, permite a atacantes remotos ejecutar código de su elección mediante parámetros no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the gp.ocx ActiveX control. This control has a CLSID of {E2883E8F-472F-4fb0-9522-AC9BF37916A7} and the ProgID Atlcom.get_atlcom. • http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.securityfocus.com/archive/1/510868/100/0/threaded http://www.securitytracker.com/id?1023908 http://www.zerodayinitiative.com/advisories/ZDI-10-077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •