CVEs referencing
http://www.securityfocus.com/bid/36638
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
Max CVSS
4.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.21%
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
82.87%
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.16%
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.03%
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
95.32%
Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
0.78%
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
3.61%
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.01%
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
4.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.21%
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
Max CVSS
4.3
Published
2009-10-19
Updated
2018-10-30
EPSS
0.26%
Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
23.43%
CVE-2009-2990
Public exploit exists
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
97.35%
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
21.20%
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.
Max CVSS
4.3
Published
2009-10-19
Updated
2018-10-30
EPSS
0.26%
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
32.30%
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
2.46%
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.
Max CVSS
4.3
Published
2009-10-19
Updated
2018-10-30
EPSS
0.35%
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.74%
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
1.01%
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Max CVSS
9.3
Published
2009-10-19
Updated
2018-10-30
EPSS
78.46%