Page 68 of 365 results (0.010 seconds)

CVSS: 9.3EPSS: 6%CPEs: 20EXPL: 1

CVE-2010-1241 – Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)

https://notcve.org/view.php?id=CVE-2010-1241

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. El desbordamiento de búfer en la región heap de la memoria en el sistema de administración de la pila personalizado en Reader y Acrobat versiones 9.x anteriores a 9.3.2, y versiones 8.x anteriores a 8.2.2 de Adobe en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un documento PDF especialmente diseñado, también se conoce como FG-VD-10-005. • http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html http://www.adobe.com/support/security/bulletins/apsb10-09.html http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li http://www.securityfocus.com/bid/39227 http://www.securityfocus.com/bid/39329 http://www.us-cert.gov/cas/techalerts/TA10-103C.html http://www.vupen.com/english/advisories/2010/0873 http://www.youtube.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 16%CPEs: 16EXPL: 4

CVE-2010-0188 – Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0188

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no específica en Adobe Reader y Acrobat v8.x anteriores a v8.2.1 y v9.x anteriores v9.3.1, permite a atacantes provocar una denegación de servicio (caidas de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados. Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. • https://www.exploit-db.com/exploits/21869 https://www.exploit-db.com/exploits/21868 https://www.exploit-db.com/exploits/16670 https://www.exploit-db.com/exploits/11787 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://securitytracker.com/id?1023601 http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.redhat.com/support/errata/RHSA-2010-0114.html http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0

CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)

https://notcve.org/view.php?id=CVE-2010-0186

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •

CVSS: 10.0EPSS: 65%CPEs: 101EXPL: 0

CVE-2009-3955 – acroread: multiple code execution flaws (APSB10-02)

https://notcve.org/view.php?id=CVE-2009-3955

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. Adobe Reader y Acrobat versión 9.x anterior a 9.3 y versión 8.x anterior a 8.2 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar código arbitrario por medio de un marcador JPC_MS_RGN creado en la secuencia Jp2c de un flujo de datos codificado JpxDecode, lo que desencadena una extensión de signo entero que omite una comprobación de saneamiento, lo que conduce a la corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37757 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http:// • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 2%CPEs: 102EXPL: 0

CVE-2009-3954 – acroread: multiple code execution flaws (APSB10-02)

https://notcve.org/view.php?id=CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." La implementación 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con un "vulnerabilidad de carga DLL". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37761 http://www.securitytracker.com/id?1023446 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.vupen.com/english/advisories/2010/0103 https://bugzilla.redhat.com&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •