Vulnerabilities > Adobe > Acrobat

DATE CVE VULNERABILITY TITLE RISK
2010-06-08 CVE-2010-1297 Out-of-bounds Write vulnerability in multiple products
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
local
low complexity
adobe suse opensuse CWE-787
7.8
2010-02-22 CVE-2010-0188 Unspecified vulnerability in Adobe Acrobat and Acrobat Reader
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
local
low complexity
adobe
7.8
2010-01-13 CVE-2009-3953 Out-of-bounds Write vulnerability in multiple products
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
network
low complexity
adobe opensuse suse CWE-787
8.8
2009-12-15 CVE-2009-4324 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
local
low complexity
adobe opensuse suse CWE-416
7.8
2009-07-23 CVE-2009-1862 Out-of-bounds Write vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
local
low complexity
adobe CWE-787
7.8
2009-02-20 CVE-2009-0658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
local
low complexity
adobe CWE-119
7.8
2008-11-04 CVE-2008-2992 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
local
low complexity
adobe oracle CWE-787
7.8
2008-02-12 CVE-2007-5659 Classic Buffer Overflow vulnerability in Adobe Acrobat
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.
local
low complexity
adobe CWE-120
7.8
2008-02-07 CVE-2008-0655 Unspecified vulnerability in Adobe Acrobat
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
network
low complexity
adobe
critical
9.8
2005-06-15 CVE-2005-1306 XXE vulnerability in Adobe Acrobat and Acrobat Reader
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
network
low complexity
adobe CWE-611
7.5