CVSS: 9.3EPSS: 82%CPEs: 59EXPL: 0CVE-2011-0598 – Adobe Reader ICC Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0598
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602. Un desbordamiento de enteros en la biblioteca ACE.dll en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de datos ICC creados, esta es una vulnerabilidad diferente a los CVE-2011-0596, CVE-2011-0599 y CVE-2011-0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516315/100/0/threaded http://www.securityfocus.com/bid/46219 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-073 https://exchange.xforce. • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 22%CPEs: 59EXPL: 0CVE-2011-0596 – Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0596
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección a través de una imagen, una vulnerabilidad diferente de CVE-2011-0598, CVE-2011-0599, y CVE-2011-0602. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of 2d.dll. When allocating a destination buffer for handling RLE_8 compressed bitmaps the process uses the bitmap height and width values directly. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11921 https://access.redhat.com/security/cve/CVE-2011-0596 https://bugzilla.redhat.com/show_bug.cgi • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 33%CPEs: 59EXPL: 0CVE-2011-0606 – Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory Overwite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0606
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca rt3d.dll en Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de vectores no especificados relacionados con un valor de longitud creado, esta es una vulnerabilidad diferente a los CVE-2011-0563 y CVE-2011-0589. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516317/100/0/threaded http://www.securityfocus.com/bid/46201 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/65309 https://oval.cisecurity. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 59EXPL: 0CVE-2011-0600 – Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0600
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. El componente U3D de Adobe Reader y Acrobat versión 10.x anterior a 10.0.1, versión 9.x anterior a 9.4.2 y versión 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo 3D con un recuento de nodos principales no válido que activa un cálculo de tamaño inapropiado y la corrupción de memoria, esta es una vulnerabilidad diferente a los CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593 y CVE-2011-0595. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/archive/1/516316/100/0/threaded http://www.securityfocus.com/bid/46213 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-074 https://oval.cisecurity. • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 72%CPEs: 59EXPL: 0CVE-2011-0567 – Adobe Reader Controlled memset Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0567
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603. Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada, una vulnerabilidad diferente de CVE-2011-0566 y CVE-2011-0603. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AcroRd32.dll. Initially, a pointer passed to memset can be miscalculated and the resulting copy operation corrupts heap memory. • http://secunia.com/advisories/43470 http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.redhat.com/support/errata/RHSA-2011-0301.html http://www.securityfocus.com/bid/46199 http://www.securitytracker.com/id?1025033 http://www.vupen.com/english/advisories/2011/0337 http://www.vupen.com/english/advisories/2011/0492 http://www.zerodayinitiative.com/advisories/ZDI-11-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12248 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •