6684 matches found
Adobe Acrobat Reader DC CBSharedReviewIfOfflineDialog Javascript API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Gentoo Security Advisory GLSA 201308-03
Gentoo Linux Local Security Checks GLSA 201308-03 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Gentoo Security Advisory GLSA 201309-10
Gentoo Linux Local Security Checks GLSA 201309-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Adobe Acrobat Reader - AFParseDate JavaScript API Restrictions Bypass
Title: Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability Date: 09/28/2015 Author: Reigning Shells, based off PoC published by Zero Day Initiative Vendor Homepage: adobe.com Version: Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and...
Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure
Posted by Mateusz Jurczyk of Google Project Zero In the previous series of posts parts 1 2 3 4, we discussed the exploitation process of a serious “blend” vulnerability CVE-2015-0093 / CVE-2015-3052, which was special in that it provided the attacker with an extremely powerful primitive arbitrary...
Adobe Acrobat and Reader Memory Corruption (APSB15-15: CVE-2015-5105)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while converting a PCX file to PDF. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PCX file wit...
Adobe Reader and Acrobat Security Bypass (APSB15-15: CVE-2015-4441)
A security bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a specially crafted PDF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
Adobe Reader Memory Corruption (APSB15-15: CVE-2015-4444)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation
Posted by Mateusz Jurczyk of Google Project Zero This is part 3 of the “One font vulnerability to rule them all” blog post series. In the previous posts, we introduced the “blend” PostScript operator vulnerability, discussed the Charstring primitives necessary to fully control the stack contents...
Adobe Acrobat and Reader Information Disclosure (APSB15-15: CVE-2014-8450)
An Information Disclosure vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to the support of PDF standard in GotoE and GotoR actions that can be used to navigate to either an embedded resource GotoE or external resource GotoR without user interaction. Attacker...
One font vulnerability to rule them all #2: Adobe Reader RCE exploitation
Posted by Mateusz Jurczyk of Google Project Zero This is part 2 of the “One font vulnerability to rule them all” blog post series. In part 1 “introducing the BLEND vulnerability”, we discussed how developments in the digital typography field in the last four decades shaped the various font format...
One font vulnerability to rule them all #1: Introducing the BLEND vulnerability
Posted by Mateusz Jurczyk of Google Project Zero Last month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced...
The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent existing access restrictions
The vulnerability of the Adobe Reader DC PDF viewer program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions remotely...
The vulnerability of the Adobe Reader PDF viewer program, which allows a hacker to circumvent existing access restrictions
The vulnerability of the Adobe Reader PDF viewer program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions remotely...
The vulnerability of the Adobe Reader PDF viewer program, which allows a hacker to circumvent existing access restrictions
The vulnerability of the Adobe Reader PDF viewer program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions remotely...
The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent existing access restrictions
The vulnerability of the Adobe Reader DC PDF viewer program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions remotely...
(Pwn2Own) Adobe Reader makeMeasurement Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(Pwn2Own) Adobe Reader makeMeasurement Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
(Pwn2Own) Adobe Reader opendoc Broker Message Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of the...
(Pwn2Own) Adobe Reader Portfolio Preview Privilege Escalation Vulnerability
This vulnerability allows attackers to elevate privileges on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs within the handling of Portfolio...