CVSS: 9.8EPSS: 62%CPEs: 14EXPL: 0CVE-2011-4373 – Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4373
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2, en Windows y Mac OS X permite a los atacantes ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria) a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4370 y CVE-2011-4372. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. • http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.securityfocus.com/bid/51350 http://www.securitytracker.com/id?1026496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615 https://access.redhat.com/security/cve/CVE-2011-4373 https://bugzilla.redhat.com/show_bug.cgi?id=810397 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2011-4371 – acroread: multiple unspecified flaws (APSB12-08, APSB12-01)
https://notcve.org/view.php?id=CVE-2011-4371
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2 bajo Windows y Mac OS X permiten a los atacantes ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria dinámica) a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.securityfocus.com/bid/51351 http://www.securitytracker.com/id?1026496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14809 https://access.redhat.com/security/cve/CVE-2011-4371 https://bugzilla.redhat.com/show_bug.cgi?id=810397 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2011-4372 – acroread: multiple unspecified flaws (APSB12-08, APSB12-01)
https://notcve.org/view.php?id=CVE-2011-4372
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2, bajo Windows y Mac OS X permiten a los atacantes ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria) a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4370 y CVE-2011-4373. • http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.securityfocus.com/bid/51349 http://www.securitytracker.com/id?1026496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14857 https://access.redhat.com/security/cve/CVE-2011-4372 https://bugzilla.redhat.com/show_bug.cgi?id=810397 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2011-4370 – acroread: multiple unspecified flaws (APSB12-08, APSB12-01)
https://notcve.org/view.php?id=CVE-2011-4370
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2 para Windows y Mac OS X permiten a los atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4372 y CVE-2011-4373. • http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.securityfocus.com/bid/51348 http://www.securitytracker.com/id?1026496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14801 https://access.redhat.com/security/cve/CVE-2011-4370 https://bugzilla.redhat.com/show_bug.cgi?id=810397 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 22%CPEs: 53EXPL: 0CVE-2011-4369 – acroread: unspecified vulnerability in PRC component (APSB11-30)
https://notcve.org/view.php?id=CVE-2011-4369
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. Vulnerabilidad sin especificar en el componente PRC de Adobe Reader y Acrobat 9.x en versiones anteriores a la 9.4.7 en Windows, Adobe Reader y Acrobat 9.x hasta la 9.4.6 en Mac OS X, Adobe Reader y Acrobat 10.x hasta la 10.1.1 en Windows y Mac OS X, y Adobe Reader 9.x hasta la 9.4.6 en UNIX. Permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de vectores desconocidos, como se ha explotado en diciembro del 2011. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html http://www.adobe.com/support/security/bulletins/apsb11-30.html http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.redhat.com/support/errata/RHSA-2012-0011.html http://www.securityfocus.com/bid/51092 http://www.us-cert.gov/cas/techalerts/TA11-350A.html https://oval.cisecurity.org/repository/search/definition/oval%3Ao •