CVE-2014-8457

CVE-2014-8457 affects Adobe Reader/Acrobat on Windows and macOS, with a heap-based buffer overflow in the PDF parsing path of 10.x until 10.1.13 and 11.x until 11.0.10. The issue enables remote code execution via crafted PDF files (unspecified vectors). Connected advisories confirm this as a PDF ...

CVE-2014-8457

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159...

CVE-2014-8461

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456,...

Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28)

The version of Adobe Reader installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities : - Memory corruption errors exist that allow arbitrary code execution. CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456,...

Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)

The version of Adobe Reader installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities : - Memory corruption errors exist that allow arbitrary code execution. CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456,...

Adobe Reader and Acrobat CVE-2014-8448 Information Disclosure Vulnerability

Description Adobe Reader and Acrobat are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Adobe Acrobat 10.0 Adobe Acrobat 10.0.1 Adobe Acrobat 10.0.2 Adobe Acrobat...

Sandbox Escape Bug in Adobe Reader Disclosed

Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that...

Race condition

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568...

CVE-2014-9150

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568...

CVE-2014-9150

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568...

November 2014 Microsoft Patch Tuesday Security Bulletins

A busy Microsoft Patch Tuesday arrived today with an extra sense of urgency and a complication. Among 14 bulletins, four of which are rated critical by Microsoft, is a patch for the OLE zero-day vulnerability being used in a number of targeted attacks. The zero-day is being spread via email...

EMET 5.1 is available

Today, we’re releasing the Enhanced Mitigation Experience Toolkit EMET 5.1 which will continue to improve your security posture by providing increased application compatibility and hardened mitigations. You can download EMET 5.1 from microsoft.com/emet or directly from here. Following is the list...

Adobe Reader 8.1.3 util.printf() 缓冲区溢出漏洞

No description provided by source...

Adobe Reader 9.1 Collab.getIcon() 缓冲区溢出漏洞

No description provided by source...

Adobe Reader 9.3.4 CoolType SING Table "uniqueName" Stack 缓冲区溢出漏洞

No description provided by source...

Adobe Reader and Acrobat JavaScript Heap Overflow (APSB14-20; CVE-2014-0567)

A heap overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of...

Adobe Reader Multiple Vulnerabilities-01 (Sep 2014) - Windows

Adobe Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...

Adobe Reader Multiple Vulnerabilities-01 (Sep 2014) - Mac OS X

Adobe Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...

CVE-2014-0565

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2014-0566...

CVE-2014-0562

Cross-site scripting XSS vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS UXSS."...