Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1862

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jul, 2009 | 20:00
Updated At-30 Jul, 2025 | 01:47
Rejected At-
Credits

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Adobe Inc.Adobe
Product:Acrobat and Reader, Flash Player
Added At:08 Jun, 2022
Due At:22 Jun, 2022

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Used in Ransomware

:

Unknown

CWE

:
CWE-94

Required Action:

For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2009-1862
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jul, 2009 | 20:00
Updated At:30 Jul, 2025 | 01:47
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
http://www.kb.cert.org/vuls/id/259425
third-party-advisory
x_refsource_CERT-VN
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
http://isc.sans.org/diary.html?storyid=6847
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
x_refsource_MISC
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://bugs.adobe.com/jira/browse/FP-1265
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
http://www.adobe.com/support/security/advisories/apsa09-03.html
x_refsource_CONFIRM
http://news.cnet.com/8301-27080_3-10293389-245.html
x_refsource_MISC
http://www.securityfocus.com/bid/35759
vdb-entry
x_refsource_BID
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Resource:
x_refsource_MISC
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Resource:
x_refsource_MISC
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Resource:
x_refsource_MISC
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/35759
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.kb.cert.org/vuls/id/259425
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
x_transferred
http://isc.sans.org/diary.html?storyid=6847
x_refsource_MISC
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
x_transferred
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
x_refsource_MISC
x_transferred
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://bugs.adobe.com/jira/browse/FP-1265
x_refsource_MISC
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.adobe.com/support/security/advisories/apsa09-03.html
x_refsource_CONFIRM
x_transferred
http://news.cnet.com/8301-27080_3-10293389-245.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/35759
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35759
Resource:
vdb-entry
x_refsource_BID
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-06-08
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2009-1862 added to CISA KEV2022-06-08 00:00:00
Event: CVE-2009-1862 added to CISA KEV
Date: 2022-06-08 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jul, 2009 | 20:30
Updated At:03 Apr, 2025 | 19:53

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-06-082022-06-22Adobe Acrobat and Reader, Flash Player Unspecified VulnerabilityFor Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Date Added: 2022-06-08
Due Date: 2022-06-22
Vulnerability Name: Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Required Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>acrobat>>Versions from 9.0(inclusive) to 9.1.2(inclusive)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>Versions from 9.0(inclusive) to 9.1.2(inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions from 9.0(inclusive) to 9.0.159.0(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions from 10.0(inclusive) to 10.0.22.87(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Per: http://www.kb.cert.org/vuls/id/259425 "Adobe Flash is a widely deployed multimedia platform typically used to provide content in web sites. Adobe Flash Player, Reader, Acrobat, and other Adobe products include Flash support. Adobe Flash Player contains a code execution vulnerability. An attacker may be able to trigger this vulnerability by convincing a user to open a specially crafted Flash (SWF) file. The SWF file could be hosted or embedded in a web page or contained in a Portable Document Format (PDF) file. If an attacker can take control of a website or web server, trusted sites may exploit this vulnerability. This vulnerability affects Adobe Flash versions 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions. Adobe Reader 9, Acrobat 9, and other Adobe products (including Photoshop CS3, PhotoShop Lightroom, Freehand MX, Fireworks) provide Flash support independent of Flash Player. As of 2009-07-22, Adobe Reader 9.1.2 includes Flash 9.0.155.0, which is likely vulnerable to issues addressed by Flash 9.0.159.0"

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlcve@mitre.org
Broken Link
Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265cve@mitre.org
Broken Link
http://isc.sans.org/diary.html?storyid=6847cve@mitre.org
Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlcve@mitre.org
Broken Link
http://secunia.com/advisories/36193cve@mitre.org
Broken Link
http://secunia.com/advisories/36374cve@mitre.org
Broken Link
http://secunia.com/advisories/36701cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1cve@mitre.org
Broken Link
http://support.apple.com/kb/HT3864cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT3865cve@mitre.org
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlcve@mitre.org
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlcve@mitre.org
Not Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlcve@mitre.org
Not Applicable
http://www.kb.cert.org/vuls/id/259425cve@mitre.org
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/35759cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99cve@mitre.org
Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilitycve@mitre.org
Broken Link
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://isc.sans.org/diary.html?storyid=6847af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36193af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36374af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36701af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT3864af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT3865af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.kb.cert.org/vuls/id/259425af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/35759af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilityaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36193
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36374
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36701
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3864
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3865
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/35759
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36193
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36374
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3865
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/35759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

4597Records found
CVE-2021-35993
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.07% / 86.22%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 17:00
Updated-23 Apr, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-after_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36050
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.26% / 78.59%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47073
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 10:55
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21709: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35999
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.20% / 78.03%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude Memory Corruption Remote Code Execution Vulnerability

Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35989
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.20% / 78.03%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49508
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:45
Updated-16 Nov, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49516
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-04 Dec, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47434
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-13 Nov, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-0753
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.11% / 83.39%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47442
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:20
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47432
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-13 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47451
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:54
Updated-14 Nov, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47430
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-04 Dec, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34133
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:56
Updated-16 Aug, 2024 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator CC 2023 v27.9 Vulnerability I

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34115
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.42%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 11:25
Updated-02 Aug, 2024 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_stagerSubstance3D - Stagersubstance_3d_stager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34124
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:55
Updated-19 Aug, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-24031: Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-dimensionDimensiondimension
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47443
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:20
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28586
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.11%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:49
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects PDF file parsing out-of-bounds write could lead to remote code execution vulnerability

After Effects version 18.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28610
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.02% / 76.30%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:00
Updated-23 Apr, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28602
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.85% / 89.13%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:57
Updated-23 Apr, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Memory corruption could lead to code execution vulnerability

Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30297
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.42%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:59
Updated-02 Dec, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
When Adobe Animate parses FLA files, there is a heap out-of-bounds write vulnerability at Animate.exe+0x125D391

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30279
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.50%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 08:29
Updated-02 Dec, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30291
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 11:14
Updated-02 Dec, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker TIF File parsing Out Of Bound Write

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-framemakerwindowsAdobe Framemakerframemaker
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30292
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 11:14
Updated-02 Dec, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker GIF File parsing Out Of Bound Write

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-framemakerwindowsAdobe Framemakerframemaker
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30294
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.39%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:59
Updated-02 Dec, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate OGG File Parsing Heap Memory Corruption remote code execution Vulnerability

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30271
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.31%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 18:11
Updated-04 Dec, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator 2023 CC 27.7 Memory Corruption Out-Of-Bounds-Write Vulnerability III.

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30273
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 18:11
Updated-04 Dec, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator 2024 PS file Parsing Stack based Buffer Overflow Remote Code Execution Vulnerability

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30293
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.39%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:59
Updated-02 Dec, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 AI File parsing Stack base buffer overflow Remote Code execution Vulnerability

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30307
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.41%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:25
Updated-02 Dec, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Painter BMP File Parsing Out Of Bounds Write Vulnerability

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30289
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.14%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 11:14
Updated-02 Dec, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker XLS File Parsing Buffer Overflow

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-framemakerwindowsAdobe Framemakerframemaker
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44703
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-11.78% / 93.44%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC Stack Overflow Vulnerability Arbitrary code execution

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47429
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-04 Dec, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-2883
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.3||HIGH
EPSS-93.25% / 99.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2010 | 21:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.Apple Inc.
Product-windowsacrobat_readeracrobatmacosn/aAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47427
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1280
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-37.16% / 97.04%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0986
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-9.79% / 92.65%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1283
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.61% / 92.05%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1281
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-12.84% / 93.77%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1297
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-93.62% / 99.83%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 18:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationSUSEApple Inc.openSUSE
Product-airwindowsopensuseacrobatlinux_enterpriseflash_playermac_os_xn/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0128
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-8.22% / 91.86%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-directorshockwave_playerwindowsmacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4130
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.18% / 83.68%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0127
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-12.35% / 93.62%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44330
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.68%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 14:27
Updated-11 Sep, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability III.

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshopmacosPhotoshop Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20741
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-06 Aug, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Painter
CWE ID-CWE-123
Write-what-where Condition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20727
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_readeracrobat_reader_dc
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20755
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.70%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 15:54
Updated-04 Dec, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge PDF Parsing Heap Memory Corruption Remote Code Execution Vulnerability

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20744
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-27 Aug, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20772
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.27%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 13:02
Updated-05 Dec, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosmedia_encoderMedia Encodermedia_encoder
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20785
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 19:18
Updated-02 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 TIFF File Parsing Memory Corruption Remote Code Execution vulnerability

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20761
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.36%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 17:34
Updated-04 Dec, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 BMP File Parsing Out-Of-Bound Write Remote Code execution Vulnerability

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimate
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 91
  • 92
  • Next
Details not found