U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:adobe:acrobat_reader:5.0.7
There are 164 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2014-9150

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

Published: November 29, 2014; 9:59:00 PM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-4363

Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems."

Published: August 21, 2012; 6:46:10 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2462

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Published: December 07, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-2107

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."

Published: June 08, 2011; 10:38:36 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2884

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.

Published: September 15, 2010; 2:00:44 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2883

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Published: September 09, 2010; 6:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Published: June 08, 2010; 2:30:10 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0186

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

Published: February 15, 2010; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-3959

Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3958

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3957

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3956

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3955

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Published: January 13, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Published: December 14, 2009; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-3462

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."

Published: October 19, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2009-3458

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.

Published: October 19, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-2998

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.

Published: October 19, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-2997

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

Published: October 19, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH