CVE-2010-1240 – Adobe PDF - Embedded EXE Social Engineering
https://notcve.org/view.php?id=CVE-2010-1240
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. Reader y Acrobat de Adobe versiones 9.x anteriores a 9.3.3, y versiones 8.x anteriores a 8.2.3, sobre Windows y Mac OS X, no restringen el contenido de un campo de texto en el cuadro de diálogo de advertencia Iniciar Archivo, lo que facilita a los atacantes remotos engañar a los usuarios para que ejecuten un programa local arbitrario que se especificó en un documento PDF, como es demostrado por un campo de texto que afirma que el botón Abrir permitirá al usuario leer un mensaje cifrado. • https://www.exploit-db.com/exploits/16671 https://www.exploit-db.com/exploits/16682 https://www.exploit-db.com/exploits/11987 https://github.com/asepsaepdin/CVE-2010-1240 http://blog.didierstevens.com/2010/03/29/escape-from-pdf http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.securitytracker.com/id?1024159 http • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-4764
https://notcve.org/view.php?id=CVE-2009-4764
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. Adobe Reader v8.x y v9.x para Windows puede ejecutar ficheros EXE que estén incrustado en un documento PDF, esto facilita a los atacantes remotos engañar a los usuarios para que ejecuten código de su elección mediante un fichero manipulado. • http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html http://lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html http://www.metasploit.com/redmine/projects/framework/repository/revisions/8379/changes/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb https://exchange.xforce.ibmcloud.com/vulnerabilities/57994 https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0188 – Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0188
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no específica en Adobe Reader y Acrobat v8.x anteriores a v8.2.1 y v9.x anteriores v9.3.1, permite a atacantes provocar una denegación de servicio (caidas de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados. Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. • https://www.exploit-db.com/exploits/21869 https://www.exploit-db.com/exploits/21868 https://www.exploit-db.com/exploits/16670 https://www.exploit-db.com/exploits/11787 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://securitytracker.com/id?1023601 http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.redhat.com/support/errata/RHSA-2010-0114.html http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •
CVE-2009-3957
https://notcve.org/view.php?id=CVE-2009-3957
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes provocar una denegación de servicio (deferencia a puntero NULL) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.securityfocus.com/bid/37760 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://exchange.xforce.ibmcloud.com/vulnerabilities/55555 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7975 •