CVSS: 9.3EPSS: 32%CPEs: 2EXPL: 0CVE-2007-5663 – acroread JavaScript Insecure Method Exposure
https://notcve.org/view.php?id=CVE-2007-5663
11 Feb 2008 — Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Reader y Acrobat 8.1.1 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF manipulado que llama a un método JavaScript inseguro en el complemento EScript.api. NOTA: este problema podría estar incluido en CVE-2008-0655. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 2EXPL: 0CVE-2008-0726 – Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0726
11 Feb 2008 — Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Desbordamiento de tipo integer en Adobe Reader y Acrobat 8.1.1 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados a los printSepsWithParams, lo que dispara corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnera... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 50%CPEs: 2EXPL: 1CVE-2008-0655 – Adobe Acrobat and Reader Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2008-0655
07 Feb 2008 — Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en Adobe Reader y Acrobat anterior a la versión 8.1.2 tienen vectores de impacto y ataque desconocidos. Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. • http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html •
CVSS: 9.3EPSS: 24%CPEs: 2EXPL: 0CVE-2007-5020
https://notcve.org/view.php?id=CVE-2007-5020
21 Sep 2007 — Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. Una vulnerabilidad no especificada en Adobe Acrobat y Reader versión 8.1 en Windows, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, relacionado con la opción mailto: e In... • http://www.adobe.com/support/security/advisories/apsa07-04.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 3CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
10 Mar 2007 — AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin e... • https://www.exploit-db.com/exploits/3430 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 4%CPEs: 26EXPL: 3CVE-2007-1199 – Adobe Acrobat/Adobe Reader 7.0.9 - Information Disclosure
https://notcve.org/view.php?id=CVE-2007-1199
02 Mar 2007 — Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. Adobe Reader y Acrobat Trial permite a atacantes remotos leer archivos de su elección a través de una file:// URI en un documento PDF, como se demostró con <</URI(file:///C:/)/S/URI>>, un asunto diferente que CVE-2007-0045. • https://www.exploit-db.com/exploits/29686 •
CVSS: 8.8EPSS: 60%CPEs: 1EXPL: 2CVE-2007-0103 – Multiple PDF Readers - Multiple Remote Buffer Overflows
https://notcve.org/view.php?id=CVE-2007-0103
09 Jan 2007 — The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF 1.3, como se implementa en Adobe Acrobat anterior a 8.0.0, permite a atacantes remotos tener un impacto desconocido, pos... • https://www.exploit-db.com/exploits/29399 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 88%CPEs: 36EXPL: 5CVE-2007-0045
https://notcve.org/view.php?id=CVE-2007-0045
03 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, o... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 56%CPEs: 36EXPL: 2CVE-2007-0044 – Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0044
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar... • https://www.exploit-db.com/exploits/29383 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 91%CPEs: 1EXPL: 2CVE-2007-0046 – Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0046
03 Jan 2007 — Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Doble vulnerabilidad en el Adobe Acrobat Reader Plugin anterior al 8.0.0, como el utilizado en el Mozilla Firefox 1.5.0.7, permite a atacantes remotos ejecutar código de su elección provocando un error mediante un javascript... • https://www.exploit-db.com/exploits/3084 •