Malware Infested PDFs Ruled 2009 Exploits

A newly released report shows that based on more than a trillion Web requests processed in 2009, the use of malicious PDF files exploiting flaws in Adobe Reader/Adobe Acrobat not only outpaced the use of Flash exploits, but also, grew to 80% of all exploits the company encountered throughout the...

Cross site scripting

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors...

CVE-2010-0186

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors...

CVE-2010-0186

CVE-2010-0186 is a cross-domain sandbox bypass vulnerability affecting Adobe Flash Player (before 10.0.45.2), Adobe AIR (before 1.5.3.9130), and Adobe Reader/Acrobat (8.x before 8.2.1 and 9.x before 9.3.1). The issue allows remote attackers to make cross-domain requests via unspecified vectors, w...

flash-plugin: unauthorized cross-domain requests (APSB10-06)

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors...

Adobe Reader JavaScript getAnnots Method Memory Corruption

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to insufficient input validation in the implementation of the getAnnots JavaScript method. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious PDF file. In a...

acroread: multiple code execution flaws (APSB10-02)

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a differe...

acroread: multiple code execution flaws (APSB10-02)

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

acroread: multiple code execution flaws (APSB10-02)

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPCMSRGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leadin...

acroread: script injection vulnerability (APSB10-02)

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data...

acroread: multiple code execution flaws (APSB10-02)

Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document...

acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild...

Critical: Red Hat Security Advisory: acroread security update

The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras contain security flaws and should not be used. This update has been rated as having critical security impact by the Red Hat Security Response Team. Adobe Reader allows users to view and print documents in Portable Document Form...

VulnCheck KEV: CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

VulnCheck KEV: CVE-2009-1493

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string...

VulnCheck KEV: CVE-2009-2990

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...

VulnCheck KEV: CVE-2009-0927

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code...

Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat Release date: January 12, 2010 Last updated: January 15, 2010 Vulnerability identifier: APSB10-02 CVE numbers: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324 Platform: A...

VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability

VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create, view, search, digitally...

Adobe Reader Multiple Vulnerabilities (Jan 2010) - Linux

Adobe Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...