CVE-2016-0931 – Adobe Reader DC FileAttachment point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0931
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una anotación FileAttachment manipulada, una vulnerabilidad diferente a CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945 y CVE-2016-0946. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of FileAttachment annotations. By setting the point attribute to a specific array, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-009 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0939 – Adobe Acrobat Reader DC Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0939
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero no inicializado y corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945 y CVE-2016-0946. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. By providing a malformed PDF file, an attacker can cause uninitialized memory to be dereferenced. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-015 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0937 – Adobe Acrobat Pro DC OCG Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0937
Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto OCG en Adobe Reader y Acrobat en versiones anteriores a 11.0.14, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30119 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20056 en Windows y OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0932, CVE-2016-0934, CVE-2016-0940 y CVE-2016-0941. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. A specially crafted PDF with a specific OCG action can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034646 http://zerodayinitiative.com/advisories/ZDI-16-011 https://helpx.adobe.com/security/products/acrobat/apsb16-02.html •
CVE-2014-9160 – Adobe Reader X And XI For Windows Out-of-bounds Write In CoolType.dll
https://notcve.org/view.php?id=CVE-2014-9160
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors. Múltiples desbordamientos de buffer basado en memoria dinámica en Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantes ejecutar código arbitrario a través de vectores desconocidos. Adobe Reader X and XI for windows suffers from an out-of-bounds write in CoolType.dll. • http://www.securitytracker.com/id/1032284 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3046
https://notcve.org/view.php?id=CVE-2015-3046
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader y Acrobat 10.x anterior a 10.1.14 y 11.x anterior a 11.0.11 en Windows y OS X permiten a atacantesw remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, y CVE-2015-3076. • http://www.securityfocus.com/bid/74600 http://www.securitytracker.com/id/1032284 https://helpx.adobe.com/security/products/reader/apsb15-10.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •