CVE-2009-4324

Known exploited
Public exploit
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Max CVSS
9.3
EPSS Score
97.04%
Published
2009-12-15
Updated
2018-10-30
CISA KEV Added
2022-06-08

CVE-2009-4195

Public exploit
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
97.20%
Published
2009-12-04
Updated
2018-10-10
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
Max CVSS
7.1
EPSS Score
0.82%
Published
2009-12-10
Updated
2018-10-30
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
0.54%
Published
2009-12-10
Updated
2018-10-30
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
Max CVSS
9.3
EPSS Score
19.48%
Published
2009-12-10
Updated
2018-10-30
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Max CVSS
9.3
EPSS Score
0.88%
Published
2009-12-10
Updated
2018-10-30
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Max CVSS
9.3
EPSS Score
1.22%
Published
2009-12-10
Updated
2017-09-19
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Max CVSS
9.3
EPSS Score
0.62%
Published
2009-12-10
Updated
2018-10-30
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
Max CVSS
9.3
EPSS Score
55.47%
Published
2009-12-10
Updated
2018-10-30
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.20%
Published
2009-12-21
Updated
2009-12-22
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.
Max CVSS
5.0
EPSS Score
0.10%
Published
2009-12-21
Updated
2009-12-22
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Max CVSS
7.8
EPSS Score
0.06%
Published
2009-09-30
Updated
2024-02-08
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
4.86%
Published
2009-11-04
Updated
2017-09-19
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.31%
Published
2009-11-04
Updated
2017-09-19
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.31%
Published
2009-11-04
Updated
2017-09-19
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.81%
Published
2009-11-04
Updated
2017-09-19
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Max CVSS
5.1
EPSS Score
0.87%
Published
2009-10-19
Updated
2018-10-30
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.
Max CVSS
9.3
EPSS Score
0.49%
Published
2009-10-19
Updated
2017-09-19
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
1.74%
Published
2009-10-19
Updated
2018-10-30

CVE-2009-3459

Public exploit
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
97.23%
Published
2009-10-13
Updated
2018-10-30
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
Max CVSS
9.3
EPSS Score
78.46%
Published
2009-10-19
Updated
2018-10-30
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Max CVSS
5.0
EPSS Score
10.59%
Published
2009-09-25
Updated
2017-09-19
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
Max CVSS
9.3
EPSS Score
84.86%
Published
2009-09-18
Updated
2017-09-19

CVE-2009-3068

Public exploit
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Max CVSS
9.3
EPSS Score
97.08%
Published
2009-09-04
Updated
2018-10-10
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Max CVSS
9.3
EPSS Score
78.46%
Published
2009-10-19
Updated
2018-10-30
95 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!