CVSS: 9.3EPSS: 29%CPEs: 74EXPL: 0CVE-2011-2432 – Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2432
Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búffer en U3D TIFF Resource en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacanes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031 https://access.redhat.com/security/cve/CVE-2011-2432 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 29%CPEs: 74EXPL: 0CVE-2011-2437 – Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2437
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434. Múltiples desbordamientos de búfer basados en memoria dinámica en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6, y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-2433 y CVE-2011-2434. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .PCX image it creates a 32 bits loop counter based on the height and width of the image. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13984 https://access.redhat.com/security/cve/CVE-2011-2437 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 74EXPL: 0CVE-2011-2440 – acroread: multiple code execution flaws (APSB11-24)
https://notcve.org/view.php?id=CVE-2011-2440
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad "use-after-free" en Adobe Reader y Acrobat v8.x antes de v8.3.1, v9.x antes de v9.4.6 y v10.x antes de v10.1.1, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html http://www.adobe.com/support/security/bulletins/apsb11-24.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14149 https://access.redhat.com/security/cve/CVE-2011-2440 https://bugzilla.redhat.com/show_bug.cgi?id=749381 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 12EXPL: 0CVE-2011-2102
https://notcve.org/view.php?id=CVE-2011-2102
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors. Vulnerabilidad no especificada en Adobe Reader y Acrobat antes de v10.1 en Windows y Mac OS X permite a los atacantes eludir restricciones de acceso previsto a través de vectores desconocidos. • http://osvdb.org/73064 http://www.adobe.com/support/security/bulletins/apsb11-16.html http://www.securityfocus.com/bid/48253 http://www.securitytracker.com/id?1025658 http://www.us-cert.gov/cas/techalerts/TA11-166A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/68016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14004 •
CVSS: 6.9EPSS: 0%CPEs: 73EXPL: 0CVE-2011-2100
https://notcve.org/view.php?id=CVE-2011-2100
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad en la búsqueda de una ruta no confiable en Adobe Reader y Acrobat 8.x anterior a v8.3, 9.x anterior a 9.4.5 y 10.x anterior a 10.1 sobre Windows, permite a usuarios locales elevar sus privilegios a través de una dll troyanizada en el directorios actual de trabajo. • http://osvdb.org/73062 http://www.adobe.com/support/security/bulletins/apsb11-16.html http://www.securityfocus.com/bid/48252 http://www.securitytracker.com/id?1025658 http://www.us-cert.gov/cas/techalerts/TA11-166A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/68014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14057 •