Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)

The version of Adobe Reader installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5. It is, therefore, affected by multiple vulnerabilities : - Unspecified memory corruption vulnerabilities exist that could lead to code execution. CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,...

Cool Exploit Kit Includes Old Internet Explorer Exploit

You cannot accuse the keepers of the Cool Exploit Kit of not recognizing market trends. Given a rash of recent watering hole attacks and zero-day exploits built around Microsoft’s Internet Explorer browser, it’s no surprise that a 15-month-old IE exploit has been included in the crimeware package...

Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface API, while Reader alerts a user when...

Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface API, while Reader alerts a user when...

Winnti Cyberespionage Campaign Targets Gaming Companies

A cybercrime gang has been running roughshod over the gaming industry for years using malware signed with valid digital certificates to steal source code and valuable in-game currency for a number of popular online games. Researchers at Kaspersky Lab this morning published a report on the Winnti...

PT-2013-1351 · Adobe +1 · Reader +2

Name of the Vulnerable Software and Affected Versions: Adobe Reader and Adobe Acrobat affected versions not specified Description: The issue is related to a memory buffer overflow in Adobe Reader and Adobe Acrobat, which can be exploited by a remote attacker using a specially crafted bmp file. Th...

VulnCheck KEV: CVE-2009-3957

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service NULL pointer dereference via unspecified vectors...

New Attacks Leverage Adobe Sandbox Bypass Against Uyghur Activists

Attackers with a control infrastructure based in China are leveraging the same vulnerability exploited by Miniduke to attack Uyghur and Tibetan activists with new exploits. Researchers at Kaspersky Lab and AlienVault discovered a spear phishing campaign targeting non-governmental activists with P...

CVE-2013-2550

Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2013-2549

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

Design/Logic Flaw

Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

Code injection

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2013-2550

Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2013-2550

Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2013-2549

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2013-2549

Technical details for CVE-2013-2549 are not publicly available in the provided documents. Monitor for updates.

CVE-2013-2550

CVE-2013-2550: Unspecified vulnerability in Adobe Reader 11.0.02 that bypasses the sandbox via unknown vectors, demonstrated by George Hotz at Pwn2Own 2013. The provided documents do not include concrete exploit steps, affected subcomponents, fixed versions, or vendor mitigation details. Public r...

Google Patches 10 Chrome Flaws Ahead of Pwn2Own, Pwnium

Google raised the degree of difficulty for Pwn2Own and Pwnium hacking contestants by patching 10 vulnerabilities in its Web browser last night. The popular contests, which kick off tomorrow in Vancouver at the CanSecWest Conference, feature millions in prize money for researchers who can crack no...

MiniDuke Espionage Campaign Began About a Year Earlier Than First Thought

Researchers have found an earlier version of the MiniDuke espionage malware that dates to June 2011 – almost a year ahead of the previously oldest variant designed to spy on NATO, European governments and U.S. research and think tanks. Unlike the cyberspyware discovered last week, this one embedd...

Adobe Reader / Acrobat security vulnerabilities

Buffer oveflows are exploited in-the-wild...