CVSS: 8.8EPSS: 3%CPEs: 38EXPL: 0CVE-2016-0931 – Adobe Reader DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0931
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una anotación FileAttachment manipulada, una vulnerabilidad diferente a CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945 y CVE-2016-0946. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of FileAttachment annotations. By setting the point attribute to a specific array, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-009 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 17%CPEs: 38EXPL: 0CVE-2016-0937 – Adobe Acrobat Pro DC OCG Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0937
Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto OCG en Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0932, CVE-2016-0934, CVE-2016-0940 y CVE-2016-0941. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. A specially crafted PDF with a specific OCG action can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-011 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html •
CVSS: 6.4EPSS: 0%CPEs: 20EXPL: 0CVE-2014-9150
https://notcve.org/view.php?id=CVE-2014-9150
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. Condición de carrera en la caracteristica 'MoveFileEx call hook' en Adobe Reader and Acrobat 11.x anterior a 11.0.09 en Windows permite a atacantes remotos evadir el mecanismo de protección de sandbox, y como consecuencia escribir a ficheros en localizaciones arbitrarias, a través de un ataque de unión NTFS, un problema similar a CVE-2014-0568. • http://helpx.adobe.com/security/products/reader/apsb14-28.html https://code.google.com/p/google-security-research/issues/detail?id=103 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 1%CPEs: 24EXPL: 0CVE-2014-5315
https://notcve.org/view.php?id=CVE-2014-5315
Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de ayuda en Adobe Acrobat 9.5.2 y anteriores y ColdFusion 8.0.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN84376800/244523/index.html http://jvn.jp/en/jp/JVN84376800/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105 https://exchange.xforce.ibmcloud.com/vulnerabilities/95958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 62%CPEs: 14EXPL: 0CVE-2011-4373 – Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4373
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2, en Windows y Mac OS X permite a los atacantes ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria) a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4370 y CVE-2011-4372. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. • http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.securityfocus.com/bid/51350 http://www.securitytracker.com/id?1026496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615 https://access.redhat.com/security/cve/CVE-2011-4373 https://bugzilla.redhat.com/show_bug.cgi?id=810397 • CWE-787: Out-of-bounds Write •