This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in newplayer() method in multimedia.api. This can be exploited to cause a buffer overflow when a specially crafted .PDF file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in collectEmailInfo() method in EScript.api. This can be exploited to cause a stack-based buffer overflow when a specially crafted PDF file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a stack based buffer overflow vulnerability in Adobe Reader when handling a specially crafted PDF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a heap based buffer overflow vulnerability in Adobe Reader when handling a specially crafted PDF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
The vulnerability is caused due to a boundary error in MAIPM6.DLL when handling font names in PageMaker (.PMD) files. This can be exploited to cause a stack-based buffer overflow via a specially-crafted .PMD file containing an overly long font name.
Adobe LiveCycle Designer is prone to a vulnerability that may allow the execution of any library file named objectassisten_US.dll, if this dll is located in the same folder than a .TDS file. The attacker must entice a victim into opening a specially crafted .TDS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe InDesign CS4 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .INX file. The attacker must entice a victim into opening a specially crafted .INX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Illustrator is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks when processing a malformed EPS file with a long DSC comment in encapsulated postscritps (.eps) files.
Adobe Illustrator CS5 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .AIT file. The attacker must entice a victim into opening a specially crafted .AIT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Illustrator CS4 is prone to a vulnerability that may allow execution of aires.dll if this dll is located in the same folder than the .AIT file. The attacker must entice a victim into opening a specially crafted .AIT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.