CVSS: 10.0EPSS: 3%CPEs: 8EXPL: 0CVE-2016-1065 – Adobe Acrobat Pro DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1065
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. Vulnerabilidad de uso después de liberación de memoria en Adobe Reader y Acrobat en versiones anteriores a 11.0.16, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30172 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.016.20039 sobre Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102 y CVE-2016-4107. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of FileAttachment annotations. By setting the point attribute to a specific array, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/90512 http://www.securitytracker.com/id/1035828 http://www.zerodayinitiative.com/advisories/ZDI-16-312 https://helpx.adobe.com/security/products/acrobat/apsb16-14.html •
CVSS: 10.0EPSS: 1%CPEs: 81EXPL: 0CVE-2013-1376 – acroread: multiple code execution flaws (APSB13-02)
https://notcve.org/view.php?id=CVE-2013-1376
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621. Desbordamiento de búfer en Adobe Reader y Acrobat 9.x anterior a la versión 9.5.3, 10.x anterior a 10.1.5, y 11.x anterior a la versión 11.0.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, y CVE-2013-0621. • http://www.adobe.com/support/security/bulletins/apsb13-02.html https://access.redhat.com/security/cve/CVE-2013-1376 https://bugzilla.redhat.com/show_bug.cgi?id=893235 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 93EXPL: 0CVE-2013-3342
https://notcve.org/view.php?id=CVE-2013-3342
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors. Adobe Reader y Acrobat v9.x antes de v9.5.5, v10.x antes de v10.1.7 y v11.x antes de v11.0.03 no maneja adecuadamente las listas negras de dominio del sistema operativo, lo cual tiene un impacto no especificado y vectores de ataque. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://www.adobe.com/support/security/bulletins/apsb13-15.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16063 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 33%CPEs: 93EXPL: 0CVE-2013-2731 – acroread: multiple code execution flaws (APSB13-15)
https://notcve.org/view.php?id=CVE-2013-2731
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Adobe Reader y Acrobat v9.x anterior a v9.5.5, v10.x anterior a v10.1.7, y v11.x anterior a v11.0.03 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante vectores desconocidos, una vulnerabilidad diferente a CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, y CVE-2013-3341. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0826.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://www.adobe.com/support/security/bulletins/apsb13-15.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16787 https://access.redhat.com/security/cve/CVE-2013-2731 https://bugzilla.redhat.com/show_bug.cgi?id=962931 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 93EXPL: 0CVE-2013-2724 – acroread: multiple code execution flaws (APSB13-15)
https://notcve.org/view.php?id=CVE-2013-2724
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en Adobe Reader y Acrobat v9.x anterior a v9.5.5, v10.x anterior a v10.1.7, y v11.x anterior a v11.0.03 permite a atacantes remotos ejecutar código arbitrario mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0826.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://www.adobe.com/support/security/bulletins/apsb13-15.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16366 https://access.redhat.com/security/cve/CVE-2013-2724 https://bugzilla.redhat.com/show_bug.cgi?id=962931 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •