Page 67 of 391 results (0.043 seconds)

CVSS: 9.3EPSS: 2%CPEs: 40EXPL: 0

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203. Desbordamiento de búfer en Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anterior v8.2.2 en Windows y Mac OS X, permite a atacantes ejecutar código de su elecicón a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-0199, CVE-2010-0202, y CVE-2010-0203. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7106 https://access.redhat.com/security/cve/CVE-2010-0198 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 0%CPEs: 40EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anteior v8.2.2 en Windows y Mac OS X, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6986 https://access.redhat.com/security/cve/CVE-2010-0190 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 5%CPEs: 40EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204. Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anterior v8.2.2 en Windows y Mac OS X, permite a atacantes causar una denegación de servicio (caída de aplicación) o ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-0197, CVE-2010-0201, y CVE-2010-0204. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6823 https://access.redhat.com/security/cve/CVE-2010-0194 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 8%CPEs: 40EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors. Adobe Reader y Acrobat v9.x anterior v9.3.2, y v8.x anterior v8.2.2 en Windows y Mac OS X, no maneja adecuadamente fuentes, lo que permite a atacantes ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. • http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7420 https://access.redhat.com/security/cve/CVE-2010-0195 https://bugzilla.redhat.com/show_bug.cgi?id=581417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 2%CPEs: 16EXPL: 0

Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. Adobe Reader v8.x y v9.x para Windows puede ejecutar ficheros EXE que estén incrustado en un documento PDF, esto facilita a los atacantes remotos engañar a los usuarios para que ejecuten código de su elección mediante un fichero manipulado. • http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html http://lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html http://www.metasploit.com/redmine/projects/framework/repository/revisions/8379/changes/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb https://exchange.xforce.ibmcloud.com/vulnerabilities/57994 https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-94: Improper Control of Generation of Code ('Code Injection') •