
CVSS: 6.8 • EPSS: 0% • CPEs: 40 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://www.adobe.com/support/security/bulletins/apsb10-09.html
• http://www.securityfocus.com/bid/39329
• http://www.us-cert.gov/cas/techalerts/TA10-103C.html
• http://www.vupen.com/english/advisories/2010/0873
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6986
• https://access.redhat.com/security/cve/CVE-2010-0190
• https://bugzilla.redhat.com/show_bug.cgi?id=581417
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 5% • CPEs: 40 • EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.

• http://www.adobe.com/support/security/bulletins/apsb10-09.html
• http://www.securityfocus.com/bid/39329
• http://www.us-cert.gov/cas/techalerts/TA10-103C.html
• http://www.vupen.com/english/advisories/2010/0873
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6823
• https://access.redhat.com/security/cve/CVE-2010-0194
• https://bugzilla.redhat.com/show_bug.cgi?id=581417
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 8% • CPEs: 40 • EXPL: 0

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file, the application will miscalculate an index used for seeking into a buffer.

• http://www.adobe.com/support/security/bulletins/apsb10-09.html
• http://www.securityfocus.com/bid/39329
• http://www.us-cert.gov/cas/techalerts/TA10-103C.html
• http://www.vupen.com/english/advisories/2010/0873
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7420
• https://access.redhat.com/security/cve/CVE-2010-0195
• https://bugzilla.redhat.com/show_bug.cgi?id=581417
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 26% • CPEs: 2 • EXPL: 5

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

• https://www.exploit-db.com/exploits/16671
• https://www.exploit-db.com/exploits/16682
• https://www.exploit-db.com/exploits/11987
• https://github.com/asepsaepdin/CVE-2010-1240
• http://blog.didierstevens.com/2010/03/29/escape-from-pdf
• http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf
• http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html
• http://www.adobe.com/support/security/bulletins/apsb10-15.html
• http://www.securitytracker.com/id?1024159
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 • EPSS: 7% • CPEs: 20 • EXPL: 1

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.

• http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation
• http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html
• http://www.adobe.com/support/security/bulletins/apsb10-09.html
• http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li
• http://www.securityfocus.com/bid/39227
• http://www.securityfocus.com/bid/39329
• http://www.us-cert.gov/cas/techalerts/TA10-103C.html
• http://www.vupen.com/english/advisories/2010/0873
• http://www.youtube.com
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer