This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Daily Archives: August 15, 2023
ZDI-23-1107: (Pwn2Own) Adobe Acrobat Reader DC Object Prototype Pollution API Restrictions Bypass
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1108: (Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Exposed Dangerous Method Sandbox Escape
This vulnerability allows remote attackers to escape the sandbox on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1109: (Pwn2Own) Adobe Acrobat Reader DC AnnotsString Prototype Pollution API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1110: (Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request URL Restriction Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1111: (Pwn2Own) Adobe Acrobat Reader DC Protected API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1112: Microsoft Windows Error Reporting Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore, exploitation is possible only in limited circumstances.
ZDI-23-1113: Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-1114: ESET Smart Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-23-1115: Siemens Solid Edge Viewer DWG File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.