Adobe LiveCycle Designer is prone to a vulnerability that may allow the execution of any library file named objectassisten_US.dll, if this dll is located in the same folder than a .TDS file. The attacker must entice a victim into opening a specially crafted .TDS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe InDesign CS4 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .INX file. The attacker must entice a victim into opening a specially crafted .INX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Illustrator is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks when processing a malformed EPS file with a long DSC comment in encapsulated postscritps (.eps) files.
Adobe Illustrator CS5 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .AIT file. The attacker must entice a victim into opening a specially crafted .AIT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Illustrator CS4 is prone to a vulnerability that may allow execution of aires.dll if this dll is located in the same folder than the .AIT file. The attacker must entice a victim into opening a specially crafted .AIT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a type confusion vulnerability in Adobe Flash Player. This vulnerability has been found exploited in-the-wild during December 2013.
Adobe Flash Professional CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .FLA file. The attacker must entice a victim into opening a specially crafted .FLA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
A vulnerability has been identified in Adobe Flash Player, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an uninitialized memory access triggered by a specially crafted .SWF file, which could be exploited by attackers to execute arbitrary code. This module creates a Microsoft Office Excel .XLS document containing an embedded .SWF file, and waits for an unsuspecting user to trigger the vulnerability by opening the .XLS file with Microsoft Office Excel. This vulnerability has been found exploited in-the-wild during March 2011.
This module exploits a memory corruption vulnerability in Adobe Flash Player when parsing a specially crafted .SWF file, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. This vulnerability has been found exploited in-the-wild during April 2011.