CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Acrobat Reader : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-1576 Exec Code Overflow 1999-09-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.
2 CVE-2000-0713 Exec Code Overflow 2000-10-20 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
3 CVE-2001-1069 2001-08-31 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
4 CVE-2002-0030 Exec Code 2003-04-02 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
5 CVE-2002-1764 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6 CVE-2003-0142 2003-08-18 2008-09-05
5.0
None Remote Low Not required None Partial None
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.
7 CVE-2003-0508 Exec Code Overflow 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
8 CVE-2004-0194 Exec Code Overflow 2004-03-29 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
9 CVE-2004-0629 Exec Code Overflow 2004-09-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.
10 CVE-2004-0630 Exec Code 2004-08-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
11 CVE-2004-0631 Exec Code Overflow 2004-08-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
12 CVE-2004-0632 Exec Code Overflow 2004-07-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.
13 CVE-2004-1152 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.
14 CVE-2004-1153 DoS Exec Code 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.
15 CVE-2004-1598 2004-10-12 2016-10-17
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
16 CVE-2005-0035 2005-05-02 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.
17 CVE-2005-0492 20 DoS 2005-05-02 2016-11-07
2.6
None Remote High Not required None None Partial
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
18 CVE-2005-1306 2005-06-15 2008-09-05
5.0
None Remote Low Not required Partial None None
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
19 CVE-2005-1347 DoS Exec Code 2005-05-02 2008-09-05
2.6
None Remote High Not required None None Partial
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED.
20 CVE-2005-1625 Exec Code Overflow 2005-07-05 2008-09-05
5.0
None Remote Low Not required None Partial None
Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag.
21 CVE-2005-1841 2005-07-07 2008-09-05
2.1
None Local Low Not required Partial None None
The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
22 CVE-2005-2470 DoS Exec Code Overflow 2005-08-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
23 CVE-2006-0525 +Priv 2006-02-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.
24 CVE-2006-1627 2006-04-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.
25 CVE-2006-3093 2006-06-19 2011-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.
26 CVE-2006-3452 +Priv 2006-07-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.
27 CVE-2006-5857 399 Exec Code Mem. Corr. 2006-12-31 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
28 CVE-2006-6027 DoS Exec Code 2006-11-21 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
29 CVE-2006-6236 DoS Exec Code 2006-12-03 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.
30 CVE-2007-0044 352 CSRF 2007-01-03 2010-08-21
4.3
None Remote Medium Not required None Partial None
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
31 CVE-2007-0045 79 XSS 2007-01-03 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
32 CVE-2007-0046 Exec Code 2007-01-03 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
33 CVE-2007-0047 Http R.Spl. 2007-01-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
34 CVE-2007-0048 DoS XSS 2007-01-03 2010-08-21
5.0
None Remote Low Not required None None Partial
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
35 CVE-2007-0103 20 DoS Exec Code Mem. Corr. 2007-01-08 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
36 CVE-2007-1199 2007-03-02 2008-11-15
4.3
None Remote Medium Not required Partial None None
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.
37 CVE-2007-1377 1 DoS 2007-03-09 2008-11-15
5.0
None Remote Low Not required None None Partial
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
38 CVE-2007-5020 94 Exec Code 2007-09-21 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
39 CVE-2007-5659 119 Exec Code Overflow 2008-02-12 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
40 CVE-2007-5663 94 Exec Code 2008-02-12 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
41 CVE-2007-5666 94 Exec Code 2008-02-12 2010-08-21
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
42 CVE-2008-0655 2008-02-07 2011-09-06
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
43 CVE-2008-0667 399 2008-02-11 2010-08-21
4.3
None Remote Medium Not required None None Partial
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
44 CVE-2008-0726 189 Exec Code Overflow Mem. Corr. 2008-02-12 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
45 CVE-2008-0883 59 2008-03-05 2008-09-10
3.7
None Local High Not required Partial Partial Partial
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
46 CVE-2008-2042 20 Exec Code Overflow 2008-05-07 2010-10-25
9.3
Admin Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
47 CVE-2008-2549 1 DoS Exec Code 2008-06-04 2012-11-05
4.3
None Remote Medium Not required None None Partial
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
48 CVE-2008-2641 DoS Exec Code 2008-06-25 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
49 CVE-2008-2992 119 2 Exec Code Overflow 2008-11-04 2013-08-27
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
50 CVE-2009-0198 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.
Total number of vulnerabilities : 513   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.