CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5666 – acroread JavaScript Insecure Libary Search Path
https://notcve.org/view.php?id=CVE-2007-5666
12 Feb 2008 — Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.1 y anteriores permite a usuarios locales ejecutar código de su elección a través de una librería maliciosa del proveedor de Seguridad en el directorio de trabajo actual... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 2EXPL: 0CVE-2008-0726 – Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0726
11 Feb 2008 — Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Desbordamiento de tipo integer en Adobe Reader y Acrobat 8.1.1 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados a los printSepsWithParams, lo que dispara corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnera... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 40%CPEs: 2EXPL: 1CVE-2008-0655 – Adobe Acrobat and Reader Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2008-0655
07 Feb 2008 — Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en Adobe Reader y Acrobat anterior a la versión 8.1.2 tienen vectores de impacto y ataque desconocidos. Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. • http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 24%CPEs: 2EXPL: 0CVE-2007-5020
https://notcve.org/view.php?id=CVE-2007-5020
21 Sep 2007 — Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. Una vulnerabilidad no especificada en Adobe Acrobat y Reader versión 8.1 en Windows, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, relacionado con la opción mailto: e In... • http://www.adobe.com/support/security/advisories/apsa07-04.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 36%CPEs: 36EXPL: 1CVE-2007-0048
https://notcve.org/view.php?id=CVE-2007-0048
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." El Plugin de Adobe Acrobat Reader anterior al 8.0.0., cuando se usa con el Internet Explorer, permite a atacantes remo... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf •
CVSS: 6.1EPSS: 88%CPEs: 36EXPL: 5CVE-2007-0045
https://notcve.org/view.php?id=CVE-2007-0045
03 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, o... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 56%CPEs: 36EXPL: 2CVE-2007-0044 – Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0044
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar... • https://www.exploit-db.com/exploits/29383 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 88%CPEs: 54EXPL: 0CVE-2006-5857
https://notcve.org/view.php?id=CVE-2006-5857
31 Dec 2006 — Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 18%CPEs: 5EXPL: 0CVE-2006-3453
https://notcve.org/view.php?id=CVE-2006-3453
13 Jul 2006 — Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. Desbordamiento de búfer en Adobe Acrobat 6.0 hasta 6.0.4 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos en un documento que dispara el desbordamiento cuando se convierte a PDF. • http://secunia.com/advisories/21014 •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2006-3452
https://notcve.org/view.php?id=CVE-2006-3452
12 Jul 2006 — Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. Adobe Reader y Acrobat 6.0.4 y anteriores en Mac OSX, tiene un archivo y permisos de directorio inseguros, lo que permite a usuarios locales obtener privilegios sobrescribiendo archivos de programa. • http://secunia.com/advisories/21016 •