CVE-2016-0939 – Adobe Acrobat Reader DC Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0939
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero no inicializado y corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945 y CVE-2016-0946. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. By providing a malformed PDF file, an attacker can cause uninitialized memory to be dereferenced. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-015 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0937 – Adobe Acrobat Pro DC OCG Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0937
Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto OCG en Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0932, CVE-2016-0934, CVE-2016-0940 y CVE-2016-0941. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. A specially crafted PDF with a specific OCG action can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-011 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html •
CVE-2014-9150
https://notcve.org/view.php?id=CVE-2014-9150
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. Condición de carrera en la caracteristica 'MoveFileEx call hook' en Adobe Reader and Acrobat 11.x anterior a 11.0.09 en Windows permite a atacantes remotos evadir el mecanismo de protección de sandbox, y como consecuencia escribir a ficheros en localizaciones arbitrarias, a través de un ataque de unión NTFS, un problema similar a CVE-2014-0568. • http://helpx.adobe.com/security/products/reader/apsb14-28.html https://code.google.com/p/google-security-research/issues/detail?id=103 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-5315
https://notcve.org/view.php?id=CVE-2014-5315
Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de ayuda en Adobe Acrobat 9.5.2 y anteriores y ColdFusion 8.0.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN84376800/244523/index.html http://jvn.jp/en/jp/JVN84376800/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105 https://exchange.xforce.ibmcloud.com/vulnerabilities/95958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4374 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-4374
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en Adobe Reader v9.x antes de v9.4.6 en Linux permite a los atacantes ejecutar código de su elección a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812 https://access.redhat.com/security/cve/CVE-2011-4374 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-190: Integer Overflow or Wraparound •