CVSS: 9.8EPSS: 30%CPEs: 2EXPL: 7CVE-2010-1240 – Adobe PDF - Embedded EXE Social Engineering
https://notcve.org/view.php?id=CVE-2010-1240
05 Apr 2010 — Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. Reader y Acrobat de Adobe versiones 9.x anteriores a 9.3.3, y versiones 8.x anteriores ... • https://www.exploit-db.com/exploits/16671 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 20EXPL: 1CVE-2010-1241 – Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
https://notcve.org/view.php?id=CVE-2010-1241
05 Apr 2010 — Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. El desbordamiento de búfer en la región heap de la memoria en el sistema de administración de la pila personalizado en Reader y Acrobat versiones 9.x anteriores a 9.3.2, y versiones 8.x anteriores a 8.2.2 de Ado... • http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 16EXPL: 0CVE-2009-4764
https://notcve.org/view.php?id=CVE-2009-4764
05 Apr 2010 — Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. Adobe Reader v8.x y v9.x para Windows puede ejecutar ficheros EXE que estén incrustado en un documento PDF, esto facilita a los atacantes remotos engañar a los usuarios para que ejecuten código de su elección mediante un fichero manipulado. • http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 32%CPEs: 16EXPL: 4CVE-2010-0188 – Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0188
21 Feb 2010 — Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no específica en Adobe Reader y Acrobat v8.x anteriores a v8.2.1 y v9.x anteriores v9.3.1, permite a atacantes provocar una denegación de servicio (caidas de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados. Unspecified vulnerability in... • https://www.exploit-db.com/exploits/21869 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 84EXPL: 0CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
15 Feb 2010 — Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html •
CVSS: 10.0EPSS: 2%CPEs: 102EXPL: 0CVE-2009-3956 – acroread: script injection vulnerability (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3956
13 Jan 2010 — The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. La configuración por defecto en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac O... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 2%CPEs: 102EXPL: 0CVE-2009-3957
https://notcve.org/view.php?id=CVE-2009-3957
13 Jan 2010 — Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes provocar una denegación de servicio (deferencia a puntero NULL) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html •
CVSS: 10.0EPSS: 88%CPEs: 102EXPL: 1CVE-2009-3958 – Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
https://notcve.org/view.php?id=CVE-2009-3958
13 Jan 2010 — Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. Desbordamiento de búfer en el Download Manager en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar có... • https://www.exploit-db.com/exploits/11172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 68%CPEs: 102EXPL: 0CVE-2009-3959 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3959
13 Jan 2010 — Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Desbordamiento de entero en la implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y 8.x anterior a v8.2, sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 3%CPEs: 102EXPL: 0CVE-2009-3954 – acroread: multiple code execution flaws (APSB10-02)
https://notcve.org/view.php?id=CVE-2009-3954
13 Jan 2010 — The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." La implementación 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con un "vulnerabilidad de carga DLL". • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •