CVSS: 9.3EPSS: 33%CPEs: 9EXPL: 0CVE-2008-4817 – Reader: Download Manager input validation flaw
https://notcve.org/view.php?id=CVE-2008-4817
05 Nov 2008 — The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. El Gestor de Descargas (Download Manager) de Adobe Acrobat Professional y Reader v8.1.2 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que llama a una función AcroJS con un argumento de cadena larga pro... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-4816
https://notcve.org/view.php?id=CVE-2008-4816
05 Nov 2008 — Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. Vulnerabilidad no especificada en el Gestor de Descargas de Adobe Reader v8.1.2 y anteriores en Windows; permite a atacantes remotos modificar las opciones de Seguridad de Internet en una máquina cliente a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html •
CVSS: 9.3EPSS: 32%CPEs: 8EXPL: 0CVE-2008-4812 – Reader: embedded font handling out-of-bounds array indexing
https://notcve.org/view.php?id=CVE-2008-4812
05 Nov 2008 — Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. Error de índice de array en Adobe Reader y Acrobat, y la extensión de Explorer (también conocida como AcroRd32Info), v8.1.2, v8.1.1 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un documento PDF manipul... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2008-4815 – Reader: insecure RPATH flaw
https://notcve.org/view.php?id=CVE-2008-4815
05 Nov 2008 — Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 70%CPEs: 8EXPL: 0CVE-2008-4813 – Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4813
04 Nov 2008 — Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing. Adobe Reader y Acrobat v8.1.2 y anteriores; permiten a atacantes remotos ejecutar código de su elección a través de un PDF manipulado que (1) realiza acciones no espec... • http://download.oracle.com/sunalerts/1019937.1.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 93%CPEs: 64EXPL: 5CVE-2008-2992 – Adobe Reader and Acrobat Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2008-2992
04 Nov 2008 — Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un... • https://www.exploit-db.com/exploits/16504 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 5%CPEs: 3EXPL: 1CVE-2008-4071 – Adobe Acrobat 9 - ActiveX Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-4071
15 Sep 2008 — A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. Un determinado control ActiveX en Adobe Acrobat 9, cuando es utilizado con Microsoft Windows Vista e Internet Explorer 7, permite a atacantes remotos provocar una denegación de servicio (caída del navegador) a través de un valor de la propiedad src con una URL acroie:// no vá... • https://www.exploit-db.com/exploits/6424 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 76EXPL: 0CVE-2008-2042
https://notcve.org/view.php?id=CVE-2008-2042
08 May 2008 — The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. La API de JavaScript en Adobe Acrobat Professional versiones 7.0.9 y posiblemente 8.1.1 se expone a un método peligroso, el cual permite a atacantes remotos (1) ejecutar comandos de arbitrarios o (2) provocar un desbordamiento de ... • http://secunia.com/advisories/30840 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 2CVE-2007-5659 – Adobe Acrobat and Reader Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-5659
12 Feb 2008 — Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Múltiples desbordamientos de búfer en Adobe Reader and Acrobat 8.1.1 y anteriores permiten a atacantes remotos ejecutar código de su elección a través de ficheros PDF con argumentos largos de métodos no especificados de JavaScript. NOTA: esta cuestión podría ser subsu... • https://www.exploit-db.com/exploits/31114 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 32%CPEs: 2EXPL: 0CVE-2007-5663 – acroread JavaScript Insecure Method Exposure
https://notcve.org/view.php?id=CVE-2007-5663
12 Feb 2008 — Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Reader y Acrobat 8.1.1 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF manipulado que llama a un método JavaScript inseguro en el complemento EScript.api. NOTA: este problema podría estar incluido en CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656 • CWE-94: Improper Control of Generation of Code ('Code Injection') •