CVE-2009-3953

Known exploited
Public exploit
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Max CVSS
10.0
EPSS Score
97.26%
Published
2010-01-13
Updated
2018-10-30
CISA KEV Added
2022-06-08

CVE-2010-0188

Known exploited
Public exploit
Used for ransomware
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
97.48%
Published
2010-02-22
Updated
2017-09-19
CISA KEV Added
2022-03-03

CVE-2010-1240

Public exploit
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
Max CVSS
9.3
EPSS Score
25.99%
Published
2010-04-05
Updated
2017-09-19

CVE-2010-1297

Known exploited
Public exploit
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Max CVSS
9.3
EPSS Score
35.54%
Published
2010-06-08
Updated
2017-09-19
CISA KEV Added
2022-06-08

CVE-2010-2883

Known exploited
Public exploit
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
80.94%
Published
2010-09-09
Updated
2018-10-30
CISA KEV Added
2022-06-08

CVE-2010-3653

Public exploit
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
90.86%
Published
2010-10-26
Updated
2017-09-19

CVE-2010-3654

Public exploit
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Max CVSS
9.3
EPSS Score
97.38%
Published
2010-10-29
Updated
2017-09-19

CVE-2010-2861

Known exploited
Public exploit
Used for ransomware
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
Max CVSS
7.5
EPSS Score
97.08%
Published
2010-08-11
Updated
2013-09-24
CISA KEV Added
2022-03-25

CVE-2009-3960

Known exploited
Public exploit
Used for ransomware
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Max CVSS
4.3
EPSS Score
96.73%
Published
2010-02-15
Updated
2017-08-16
CISA KEV Added
2022-03-07
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!