Vulnerabilities > Adobe

DATE CVE VULNERABILITY TITLE RISK
2011-03-15 CVE-2011-0609 Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
local
low complexity
adobe opensuse suse google
7.8
2010-09-09 CVE-2010-2883 Out-of-bounds Write vulnerability in Adobe Acrobat and Acrobat Reader
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010.
local
low complexity
adobe CWE-787
7.3
2010-08-11 CVE-2010-2861 Path Traversal vulnerability in Adobe Coldfusion
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
network
low complexity
adobe CWE-22
critical
9.8
2010-06-08 CVE-2010-1297 Out-of-bounds Write vulnerability in multiple products
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
local
low complexity
adobe suse opensuse CWE-787
7.8
2010-05-13 CVE-2010-1283 Out-of-bounds Write vulnerability in Adobe Shockwave Player
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
network
low complexity
adobe CWE-787
8.8
2010-05-13 CVE-2010-1282 Infinite Loop vulnerability in Adobe Shockwave Player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
network
low complexity
adobe CWE-835
6.5
2010-05-13 CVE-2010-1281 Out-of-bounds Write vulnerability in Adobe Shockwave Player
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
network
low complexity
adobe CWE-787
8.8
2010-05-13 CVE-2010-1280 Out-of-bounds Write vulnerability in Adobe Shockwave Player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
network
low complexity
adobe CWE-787
8.8
2010-05-13 CVE-2010-0987 Out-of-bounds Write vulnerability in Adobe Shockwave Player
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
network
low complexity
adobe CWE-787
8.8
2010-05-13 CVE-2010-0986 Out-of-bounds Write vulnerability in Adobe Shockwave Player
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
network
low complexity
adobe CWE-787
8.8