Total
1068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0592 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2018-10-30 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | |||||
| CVE-2011-0606 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2018-10-30 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. | |||||
| CVE-2006-0525 | 1 Adobe | 9 Acrobat, Acrobat Reader, Creative Suite and 6 more | 2018-10-19 | 4.6 MEDIUM | N/A |
| Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. | |||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2018-10-18 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2006-6236 | 1 Adobe | 1 Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | |||||
| CVE-2006-6027 | 1 Adobe | 1 Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | |||||
| CVE-2006-5857 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | |||||
| CVE-2007-0046 | 1 Adobe | 1 Acrobat Reader | 2018-10-16 | 7.5 HIGH | N/A |
| Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
| CVE-2007-0048 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2018-10-16 | 5.0 MEDIUM | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." | |||||
| CVE-2007-0045 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | |||||
| CVE-2007-0044 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2018-10-16 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | |||||
| CVE-2008-0667 | 1 Adobe | 1 Acrobat Reader | 2018-10-15 | 4.3 MEDIUM | N/A |
| The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2008-0726 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-15 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. | |||||
| CVE-2007-5020 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-15 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. | |||||
| CVE-2009-0198 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding. | |||||
| CVE-2009-2564 | 3 Adobe, Corel, Nos Microsystems | 3 Acrobat Reader, Getplus Download Manager, Getplus Download Manager | 2018-10-10 | 7.2 HIGH | N/A |
| NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot. | |||||
| CVE-2009-1855 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. | |||||
| CVE-2009-1857 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. | |||||
| CVE-2018-4997 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4998 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||