CVE-2009-2988 – acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2988
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
• http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6483 https://access.redhat.com/security/cve/CVE-2009-2988 https://bugzilla.redhat.com/show_bug.cgi?id=528665
• CWE-20: Improper Input Validation
CVE-2009-2991 – acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
https://notcve.org/view.php?id=CVE-2009-2991
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
• http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5557 https://access.redhat.com/security/cve/CVE-2009-2991 https://bugzilla.redhat.com/show_bug.cgi?id=528659
CVE-2009-2990 – Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow
https://notcve.org/view.php?id=CVE-2009-2990
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
When a U3D CLODProgressiveMeshContinuation block (blocktype: 0xFFFFFF3C) is parsed by the Adobe Acrobat Reader U3D plugin, the split position index is read from the input without any validation. That index is then used to fetch an object from outside the bounds of the array, and a function pointer is dereferenced from that object and called. Adobe Acrobat Reader version 8.1.6 and below and 9.1.3 and below are affected.
• https://www.exploit-db.com/exploits/9990 https://www.exploit-db.com/exploits/16309 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6371 https://access.redhat.com/security/cve/CVE-2009-2990 https:
• CWE-189: Numeric Errors
CVE-2009-3459 – Adobe - FlateDecode Stream Predictor 02 Integer Overflow
https://notcve.org/view.php?id=CVE-2009-3459
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/16546 https://www.exploit-db.com/exploits/16652 http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html http://isc.sans.org/diary.html?storyid=7300 http://secunia.com/advisories/36983 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.iss.net/threats/348.html http://www.securityfocus.com/bid/36600 http://www.us-cert.gov/cas/techalerts/TA09-286B.ht
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2985 – Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2985
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements.
• http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36638 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6145 https://access.redhat.com/security/cve/CVE-2009-2985 https://bugzilla.redhat.com/show_bug.cgi?id=528659
• CWE-399: Resource Management Errors