Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-13 | CVE-2009-3959 | Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. | 10.0 |
2010-01-13 | CVE-2009-3958 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. | 10.0 |
2010-01-13 | CVE-2009-3957 | Denial of Service vulnerability in Adobe Reader and Acrobat Null Pointer Dereference Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 5.0 |
2010-01-13 | CVE-2009-3956 | Configuration vulnerability in Adobe Acrobat and Acrobat Reader The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. | 10.0 |
2010-01-13 | CVE-2009-3955 | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. | 10.0 |
2010-01-13 | CVE-2009-3954 | Code Injection vulnerability in Adobe Acrobat and Acrobat Reader The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html Affected software versions Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954). | 10.0 |
2009-12-08 | CVE-2009-2843 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | 5.0 |
2009-12-03 | CVE-2009-4186 | Buffer Errors vulnerability in Apple Safari 4.0.3 Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | 9.3 |
2009-11-20 | CVE-2009-3553 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
2009-11-13 | CVE-2009-3384 | Unspecified vulnerability in Apple Safari Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | 9.3 |