CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Acrobat Reader : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2009-2981 20 Bypass 2009-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
602 CVE-2009-2980 189 DoS Exec Code Overflow 2009-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
603 CVE-2009-2979 DoS 2009-10-19 2018-10-30
4.3
None Remote Medium Not required None None Partial
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
604 CVE-2009-2564 264 1 +Priv 2009-07-21 2018-10-10
7.2
Admin Local Low Not required Complete Complete Complete
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
605 CVE-2009-2028 2009-06-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
606 CVE-2009-1862 94 DoS Exec Code Mem. Corr. 2009-07-23 2009-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
607 CVE-2009-1861 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
608 CVE-2009-1859 399 Exec Code Mem. Corr. 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
609 CVE-2009-1858 399 Exec Code Mem. Corr. 2009-06-11 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
610 CVE-2009-1857 399 DoS Exec Code Mem. Corr. 2009-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.
611 CVE-2009-1856 189 DoS Exec Code Overflow 2009-06-11 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.
612 CVE-2009-1855 119 Exec Code Overflow 2009-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.
613 CVE-2009-1492 399 DoS Exec Code Mem. Corr. 2009-04-30 2018-11-08
9.3
None Remote Medium Not required Complete Complete Complete
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
614 CVE-2009-1062 20 Exec Code Mem. Corr. 2009-03-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
615 CVE-2009-1061 20 Exec Code 2009-03-24 2018-11-08
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
616 CVE-2009-0928 119 Exec Code Overflow 2009-03-24 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
617 CVE-2009-0927 20 1 Exec Code Overflow 2009-03-19 2018-11-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
618 CVE-2009-0889 119 Exec Code Overflow 2009-06-11 2009-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.
619 CVE-2009-0888 119 Exec Code Overflow 2009-06-11 2009-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.
620 CVE-2009-0658 119 Exec Code Overflow 2009-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
621 CVE-2009-0512 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.
622 CVE-2009-0511 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
623 CVE-2009-0510 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
624 CVE-2009-0509 119 Exec Code Overflow Mem. Corr. 2009-06-11 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.
625 CVE-2009-0198 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.
626 CVE-2009-0193 119 Exec Code Overflow 2009-03-24 2018-11-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
627 CVE-2008-4817 20 Exec Code 2008-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
628 CVE-2008-4816 2008-11-05 2018-10-30
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
629 CVE-2008-4815 264 +Priv 2008-11-05 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
630 CVE-2008-4814 20 Exec Code 2008-11-05 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
631 CVE-2008-4813 399 Exec Code Mem. Corr. 2008-11-05 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
632 CVE-2008-4812 20 Exec Code 2008-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
633 CVE-2008-2992 119 Exec Code Overflow 2008-11-04 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
634 CVE-2008-2641 DoS Exec Code 2008-06-25 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
635 CVE-2008-2549 DoS Exec Code 2008-06-04 2017-09-28
4.3
None Remote Medium Not required None None Partial
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
636 CVE-2008-2042 20 Exec Code Overflow 2008-05-07 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
637 CVE-2008-0883 59 2008-03-05 2017-08-07
3.7
None Local High Not required Partial Partial Partial
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
638 CVE-2008-0726 189 Exec Code Overflow Mem. Corr. 2008-02-12 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
639 CVE-2008-0667 399 2008-02-11 2018-10-15
4.3
None Remote Medium Not required None None Partial
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
640 CVE-2008-0655 2008-02-07 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
641 CVE-2007-5666 94 Exec Code 2008-02-12 2017-09-28
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
642 CVE-2007-5663 94 Exec Code 2008-02-12 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
643 CVE-2007-5659 119 Exec Code Overflow 2008-02-12 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
644 CVE-2007-5020 94 Exec Code 2007-09-21 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
645 CVE-2007-1377 1 DoS 2007-03-09 2017-07-28
5.0
None Remote Low Not required None None Partial
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
646 CVE-2007-1199 2007-03-02 2017-07-28
4.3
None Remote Medium Not required Partial None None
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.
647 CVE-2007-0103 20 DoS Exec Code Mem. Corr. 2007-01-08 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
648 CVE-2007-0048 DoS XSS 2007-01-03 2018-10-16
5.0
None Remote Low Not required None None Partial
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
649 CVE-2007-0047 Http R.Spl. 2007-01-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
650 CVE-2007-0046 Exec Code 2007-01-03 2018-10-16
7.5
User Remote Low Not required Partial Partial Partial
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
Total number of vulnerabilities : 681   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.