CVSS: 9.3EPSS: 85%CPEs: 57EXPL: 3CVE-2010-4091 – Acrobat Reader 9.4 - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-4091
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. El plugin EScript.api en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.1 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF creado que desencadena una corrupción de memoria, que involucran a la función printSeps. NOTA: algunos de estos datos se consiguen de la información de terceros. • https://www.exploit-db.com/exploits/15419 http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://osvdb.org/69005 http://secunia.com/advisories/42095 http://secunia.com/advisories/42401 http://secunia.com/advisories/43025 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 11EXPL: 4CVE-2009-4324 – Adobe Acrobat and Reader Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-4324
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. La vulnerabilidad de uso de la memoria previamente liberada (Use-after-free) en la función Doc.media.newPlayer en el archivo Multimedia.api en Adobe Reader y Acrobat versión 9.x anterior a 9.3, y versión 8.x anterior a 8.2 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado utilizando una transmisión comprimida ZLib, tal como se explotó “in the wild” en diciembre de 2009. Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. • https://www.exploit-db.com/exploits/16503 https://www.exploit-db.com/exploits/16623 https://www.exploit-db.com/exploits/10618 http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://osvdb.org/60980 http://secunia.com/advisories/37690 http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http:&# • CWE-416: Use After Free •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2008-0883 – acroread: insecure handling of temporary files
https://notcve.org/view.php?id=CVE-2008-0883
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elección mediante un ataque de enlaces simbólicos en ficheros temporales relativos al manejo de certificados SSL. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29229 http://secunia.com/advisories/29242 http://secunia.com/advisories/29425 http://secunia.com/advisories/31136 http://secunia.com/advisories/31352 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1 http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html http://www.adobe.com/support/security/advisories/apsa08-02.html http://www.gentoo.org/security&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.6EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 http://securitytracker.com/id?1015577 http://securitytracker.com/id?1015578 http://securitytracker.com/id?1015579 http://www.adobe.com/support/techdocs/332644.html http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.osvdb.org/22908 http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.securityfocus.com/bid/16451 http://www.vupen.com/english/advisories/2006/ • CWE-264: Permissions, Privileges, and Access Controls •