6681 matches found
Authentication flaw
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
CVE-2009-1492
CVE-2009-1492 concerns Adobe Reader/Acrobat JavaScript API. The vulnerability affects the getAnnots Doc method in the JavaScript API of Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier. A PDF containing an annotation with an OpenAction entry invoking this method using crafted integer argum...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
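Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability
BUGTRAQ ID: 34736 Adobe Reader is a PDF file parsing program. Adobe Reader has a flaw in its handling of Javascript that a remote attacker can exploit to execute arbitrary code with the privileges of the running user. Constructing an annotation with an overly long name can trigger a buffer overflow when it is parsed by the 'getAnnots' Javascript function, leading to arbitrary code execution in the security context of the running Adobe Reader application. Adobe Acrobat Reader 8.1.4 Adobe Acrobat Reader 9.1 No solution is currently available: http://www.adobe.com/ // //Exploit made by Arr1va...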
Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
No description provided by source. // //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of th...
PT-2009-3991 · Adobe · Reader
Name of the Vulnerable Software and Affected Versions: Adobe Reader versions 9.1, 8.1.4, 7.1.1, and earlier Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a PDF file that triggers a call to the customDictionaryOpen spell method with a lon...
Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution
Adobe Reader 8.1.4/9.1 - GetAnnots Remote Code Execution // //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to...
Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of the pdf. // var memory; function...
Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
Exploit for linux platform in category remote exploits ================================================================ Adobe Reader 8.1.4/9.1 GetAnnots Remote Code Execution Exploit ================================================================ // //Exploit made by Arr1val //Proved in adobe 9....
Adobe PDF zero-day update: Turn off JavaScript
Adobe’s security response team is scrambling to investigate new public reports of a new zero-day vulnerability affecting users of its widely deployed PDF Reader software. In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating a code execution flaw, which affects Adobe Reade...
Adobe Reader getAnnots Exploit
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of the pdf. // var memory; function...
Adobe Reader Spell Exploit
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // var memory; function NewScript var nop = unescape"%u9090%u9090"; var shellcode = unescape...
Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are...
Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 for Linux is vulnerable; oth...
GLSA-200904-17 : Adobe Reader: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200904-17 Adobe Reader: User-assisted execution of arbitrary code Multiple vulnerabilities have been discovered in Adobe Reader: Alin Rad Pop of Secunia Research reported a heap-based buffer overflow when processing PDF files...
Gentoo Security Advisory GLSA 200904-17 (acroread)
The remote host is missing updates announced in advisory GLSA 200904-17. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 200904-17 (acroread)
The remote host is missing updates announced in advisory GLSA 200904-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...