SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6264)
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492 / CVE-2009-1493. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
Researchers Find Methods to Kill Persistent 'Evercookie'
The persistent method that security researcher Samy Kamkar introduced last week for storing tracking data on a user’s machine, known as the “Evercookie,” is even more worrisome when used on mobile devices, according to another researcher’s analysis. The Evercookie is a simple method for forcing a...
Cross-domain data theft using CSS — Mozilla
Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target pag...
VulnCheck KEV: CVE-2008-2042
The JavaScript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function...
SuSE 11 Security Update : acroread_ja (SAT Patch Number 904)
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492 / CVE-2009-1493. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 899)
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492 / CVE-2009-1493. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
RHEL 5 : acroread (RHSA-2009:0478)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0478 advisory. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Two flaws were discovered in Adobe Reader's JavaScrip...
openSUSE Security Update : acroread (acroread-893)
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492, CVE-2009-1493. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Security feature bypass
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
CVE-2009-2011
Summary (CVE-2009-2011): Worldweaver DX Studio Player plugin for Firefox (and related IE/Firefox contexts) is vulnerable to remote command execution via the shell.execute JavaScript API method. The issue affects DX Studio Player versions including 3.0.29.0, 3.0.22.0, 3.0.12.0 and likely other vers...
CVE-2009-2011
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
DX Studio Player Firefox plug-in code execution
It's possible to execute system commands via the JavaScript API...
Adobe Reader JavaScript API getAnnots method vulnerability
Added: 05/29/2009. CVE: CVE-2009-1492. BID: 34736. OSVDB: 54130. Background: Adobe Reader is free software for viewing PDF documents. Problem: A vulnerability in the JavaScript API allows command execution when a user opens a PDF file which calls the getAnnots method with specially crafted arguments...
SUSE: Security Advisory for acroread (SUSE-SA:2009:027)
The remote host is missing updates announced in advisory SUSE-SA:2009:027. Copyright (C) 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
SuSE Security Advisory SUSE-SA:2009:027 (acroread)
The remote host is missing updates announced in advisory SUSE-SA:2009:027. OpenVAS Vulnerability Test $Id: susesa2009027.nasl 6668 2017-07-11 13:34:29Z cfischer $. Description: Auto-generated from advisory SUSE-SA:2009:027 (acroread). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...
openSUSE 10 Security Update : acroread (acroread-6258)
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492, CVE-2009-1493. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
RedHat Security Advisory RHSA-2009:0478
The remote host is missing updates announced in advisory RHSA-2009:0478. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Two flaws were discovered in Adobe Reader's JavaScript API. A PDF file containing malicious JavaScript instructions could cause Adobe...