CVE-2019-8257 – Adobe Acrobat Pro DC XFA Form Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8257
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . Adobe Acrobat and Reader versiones 2019.012.20035 y anteriores, versiones 2019.012.20035 y anteriores, versiones 2017.011.30142 y anteriores, versiones 2017.011.30143 y anteriores, versiones 2015.006.30497 y anteriores, y versiones 2015.006.30498 y anteriores presenta una vulnerabilidad de uso de la memoria previamente liberada. Su explotación con éxito podría permitir la ejecución arbitraria de código This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. • https://helpx.adobe.com/security/products/acrobat/apsb19-41.html • CWE-416: Use After Free •
CVE-2019-8238
https://notcve.org/view.php?id=CVE-2019-8238
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. Adobe Acrobat and Reader versiones 2019.010.20100 y anteriores; 2019.010.20099 y versiones anteriores; 2017.011.30140 y versiones anteriores; 2017.011.30138 y versiones anteriores; 2015.006.30495 y versiones anteriores; 2015.006.30493 y versiones anteriores, presentan una vulnerabilidad de Salto Ruta. Su explotación con éxito podría conllevar a la divulgación de información en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb19-18.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-8237
https://notcve.org/view.php?id=CVE-2019-8237
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass. Adobe Acrobat and Reader versiones 2019.012.20035 y anteriores, versiones 2019.012.20035 y anteriores, versiones 2017.011.30142 y anteriores, versiones 2017.011.30143 y anteriores, versiones 2015.006.30497 y anteriores, y versiones 2015.006.30498 y anteriores tienen una vulnerabilidad de encriptación insuficientemente robusta. El éxito de la explotación podría llevar a la evasión de las características de seguridad • https://helpx.adobe.com/security/products/acrobat/apsb19-41.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-8226
https://notcve.org/view.php?id=CVE-2019-8226
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could lead to information disclosure. Las versiones de Adobe Acrobat and Reader, 2019.012.20040 y anteriores, 2017.011.30148 y anteriores, 2017.011.30148 y anteriores, 2015.006.30503 y anteriores, y 2015.006.30503 y anteriores, presentan una implementación incompleta de la vulnerabilidad del mecanismo de seguridad. Su explotación con éxito podría conllevar a una divulgación de información. • https://helpx.adobe.com/security/products/acrobat/apsb19-49.html •
CVE-2019-8222
https://notcve.org/view.php?id=CVE-2019-8222
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . Las versiones de Adobe Acrobat and Reader, 2019.012.20040 y anteriores, 2017.011.30148 y anteriores, 2017.011.30148 y anteriores, 2015.006.30503 y anteriores, y 2015.006.30503 y anteriores, presentan una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría conllevar a una divulgación de información. • https://helpx.adobe.com/security/products/acrobat/apsb19-49.html • CWE-125: Out-of-bounds Read •