Vulnerabilities > Adobe > High

DATE CVE VULNERABILITY TITLE RISK
2010-02-22 CVE-2010-0188 Unspecified vulnerability in Adobe Acrobat and Acrobat Reader
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
local
low complexity
adobe
7.8
2010-01-21 CVE-2010-0378 Use After Free vulnerability in Adobe Flash Player 6.0.79
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
network
low complexity
adobe CWE-416
8.8
2010-01-13 CVE-2009-3953 Out-of-bounds Write vulnerability in multiple products
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
network
low complexity
adobe opensuse suse CWE-787
8.8
2009-12-15 CVE-2009-4324 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
local
low complexity
adobe opensuse suse CWE-416
7.8
2009-09-30 CVE-2009-3489 Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
local
low complexity
adobe CWE-732
7.8
2009-07-23 CVE-2009-1862 Out-of-bounds Write vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
local
low complexity
adobe CWE-787
7.8
2009-02-20 CVE-2009-0658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
local
low complexity
adobe CWE-119
7.8
2008-11-04 CVE-2008-2992 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
local
low complexity
adobe oracle CWE-787
7.8
2008-02-12 CVE-2007-5659 Classic Buffer Overflow vulnerability in Adobe Acrobat
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.
local
low complexity
adobe CWE-120
7.8
2005-06-15 CVE-2005-1306 XXE vulnerability in Adobe Acrobat and Acrobat Reader
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
network
low complexity
adobe CWE-611
7.5