CVSS: 4.3EPSS: 1%CPEs: 50EXPL: 0CVE-2009-2979 – acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2979
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Adobe Reader y Acrobat v9.x anteriores a la v9.2, v8.x anteriores a la v8.1.7 y posiblemente v7.x hasta la v7.1.4 no realizan apropiadamente la expansión de entidades XMP-XML, lo que permite a atacantes remotos provacar una denegación de servicio a través de un documento modificado. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6280 https://access.redhat.com/security/cve/CVE-2009-2979 https://bugzilla.redhat.com/show_bug.cgi?id=528665 •
CVSS: 9.3EPSS: 1%CPEs: 50EXPL: 0CVE-2009-2986 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2986
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer basado en memoria dinámica (heap) en Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 podría permitir a atacantes ejecutar código de su elección mediante vectores no especificados. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5888 https://access.redhat.com/security/cve/CVE-2009-2986 https://bugzilla.redhat.com/show_bug.cgi?id=528659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 50EXPL: 0CVE-2009-2981 – acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2981
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no valida adecuadamente la entrada, pudiendo permitir a atacantes mediante vectores no especificados saltar las restricciones implementadas por Trust Manager. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6284 https://access.redhat.com/security/cve/CVE-2009-2981 https://bugzilla.redhat.com/show_bug.cgi?id=528666 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 50EXPL: 0CVE-2009-3462 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-3462
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." Adobe Reader y Acrobat v7.x anteriores a v7.1.4, 8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 en Unix, cuando el modo Debug está activado, permite a atacantes ejecutar código de su elección a través de vectores de ataque sin especificar, relacionados con un "bug" (error o fallo de diseño) de formato. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6429 https://access.redhat.com/security/cve/CVE-2009-3462 https://bugzilla.redhat.com/show_bug.cgi?id=528659 •
CVSS: 9.3EPSS: 23%CPEs: 50EXPL: 0CVE-2009-2993 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2993
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. JavaScript en la API de Acrobat de Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 no implementa apropiadamente el (1) "Privileged Context" (contexto privilegidado) y (2) restricciones de "Safe Path" (ruta segura) para métodos de JavaScript sin especificar. Lo que permite a atacantes remotos crear ficheros de su elección, y posiblemente ejecutar código de su elección, a través del parámetro cPath en un fichero PDF modificado. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.kb.cert.org/vuls/id/257117 http://www.securityfocus.com/bid/36638 http://www.securityfocus.com/bid/36664 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5822 https://access.redhat.com/security/cve/CVE-2009-2993 https:/&#x • CWE-20: Improper Input Validation •