CVSS: 10.0EPSS: 87%CPEs: 1EXPL: 0CVE-2014-0511 – Adobe Reader PDF417 Barcode Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0511
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Adobe Reader 11.0.06 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF417 barcodes. The issue lies in the failure to properly sanitize a user-supplied value. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0512 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0512
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Adobe Reader 11.0.06 permite a atacantes evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file writes. The issue lies in the failure to properly validate user-supplied paths. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-5325
https://notcve.org/view.php?id=CVE-2013-5325
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document. Adobe Reader y Acrobat 11.x anterior a la versión 11.0.05 en Windows permite a atacantes remotos ejecutar código JavaScript arbitrario en una URL tipo javascript: a través de un documento PDF diseñado. • http://www.adobe.com/support/security/bulletins/apsb13-25.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19053 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2013-3355
https://notcve.org/view.php?id=CVE-2013-3355
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3354. Adobe reader y Acrobat anteriores a 10.1.8 y 11.x anteriores a 11.0.04 en Windows y Mac OS X permite a atacantes ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-3352 and CVE-2013-3354. • http://www.adobe.com/support/security/bulletins/apsb13-22.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 6%CPEs: 42EXPL: 0CVE-2013-3353
https://notcve.org/view.php?id=CVE-2013-3353
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3356. Desbordamiento de buffer en Adobe Reader y Acrobat anteriores a 10.1.8 y 11.x (anteriores a 11.0.04) en Windows y Mac OS X permite a atacantes ejecutar código a discrección a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-3356. • http://www.adobe.com/support/security/bulletins/apsb13-22.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •