CVE List - 2011 / September
Showing 1 - 100 of 387 CVEs for September 2011 (Page 1 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2011-1944 | 2011-09-02 | Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly... |
| CVE-2011-2594 | 2011-09-02 | Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field. |
| CVE-2011-2762 | 2011-09-02 | The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and... |
| CVE-2011-2763 | 2011-09-02 | The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. |
| CVE-2011-2903 | 2011-09-02 | Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in... |
| CVE-2011-3132 | 2011-09-02 | Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers... |
| CVE-2011-3133 | 2011-09-02 | Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to... |
| CVE-2011-3134 | 2011-09-02 | Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify... |
| CVE-2009-5086 | 2011-09-02 | Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2011-3385 | 2011-09-02 | Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a... |
| CVE-2011-0311 | 2011-09-02 | The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users... |
| CVE-2011-0541 | 2011-09-02 | fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. |
| CVE-2011-0543 | 2011-09-02 | Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories... |
| CVE-2011-1411 | 2011-09-02 | Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." |
| CVE-2011-2176 | 2011-09-02 | GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. |
| CVE-2011-3386 | 2011-09-02 | Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of... |
| CVE-2011-3387 | 2011-09-02 | The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute... |
| CVE-2011-0542 | 2011-09-02 | fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. |
| CVE-2010-4833 | 2011-09-06 | Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability... |
| CVE-2011-0258 | 2011-09-06 | Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated... |
| CVE-2011-1359 | 2011-09-06 | Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files... |
| CVE-2011-2654 | 2011-09-06 | The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC... |
| CVE-2011-2723 | 2011-09-06 | The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause... |
| CVE-2011-3205 | 2011-09-06 | Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to... |
| CVE-2011-3390 | 2011-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver,... |
| CVE-2010-4831 | 2011-09-06 | Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. |
| CVE-2011-2700 | 2011-09-06 | Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or... |
| CVE-2011-1771 | 2011-09-06 | The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other... |
| CVE-2011-1776 | 2011-09-06 | The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically... |
| CVE-2011-2184 | 2011-09-06 | The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer... |
| CVE-2011-2660 | 2011-09-06 | The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. |
| CVE-2011-2724 | 2011-09-06 | The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of... |
| CVE-2011-3200 | 2011-09-06 | Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service... |
| CVE-2011-3204 | 2011-09-06 | hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. |
| CVE-2011-3388 | 2011-09-06 | Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in... |
| CVE-2011-3389 | 2011-09-06 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with... |
| CVE-2011-3341 | 2011-09-08 | Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. |
| CVE-2011-3342 | 2011-09-08 | Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2)... |
| CVE-2011-3343 | 2011-09-08 | Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE... |
| CVE-2011-3391 | 2011-09-08 | IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a... |
| CVE-2011-3392 | 2011-09-08 | Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter. |
| CVE-2011-3381 | 2011-09-08 | Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2011-3382 | 2011-09-08 | Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-3384 | 2011-09-08 | Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability... |
| CVE-2009-5087 | 2011-09-09 | Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. |
| CVE-2009-5088 | 2011-09-09 | SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. |
| CVE-2009-5089 | 2011-09-09 | Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| CVE-2009-5090 | 2011-09-09 | SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. |
| CVE-2009-5091 | 2011-09-09 | SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-5092 | 2011-09-09 | Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-5093 | 2011-09-09 | Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. |
| CVE-2009-5094 | 2011-09-09 | SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. |
| CVE-2009-5095 | 2011-09-09 | PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. |
| CVE-2011-3420 | 2011-09-10 | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
| CVE-2011-3421 | 2011-09-10 | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
| CVE-2011-3422 | 2011-09-10 | The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers... |
| CVE-2010-4340 | 2011-09-11 | libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. |
| CVE-2009-5096 | 2011-09-13 | Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. |
| CVE-2009-5098 | 2011-09-13 | The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a... |
| CVE-2009-5099 | 2011-09-13 | Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. |
| CVE-2009-5100 | 2011-09-13 | Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the... |
| CVE-2009-5101 | 2011-09-13 | Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. |
| CVE-2009-5097 | 2011-09-13 | Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. |
| CVE-2010-4834 | 2011-09-13 | Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter... |
| CVE-2010-4835 | 2011-09-13 | Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report... |
| CVE-2010-4836 | 2011-09-13 | Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter. |
| CVE-2010-4837 | 2011-09-13 | Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a... |
| CVE-2010-4838 | 2011-09-13 | SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a... |
| CVE-2010-4839 | 2011-09-13 | SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. |
| CVE-2011-2581 | 2011-09-14 | The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments... |
| CVE-2011-2201 | 2011-09-14 | The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint... |
| CVE-2011-2595 | 2011-09-14 | Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag... |
| CVE-2011-3208 | 2011-09-14 | Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a... |
| CVE-2011-3481 | 2011-09-14 | The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference... |
| CVE-2011-0653 | 2011-09-15 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI,... |
| CVE-2011-1353 | 2011-09-15 | Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors. |
| CVE-2011-1890 | 2011-09-15 | Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka... |
| CVE-2011-1891 | 2011-09-15 | Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2011-1892 | 2011-09-15 | Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove... |
| CVE-2011-1893 | 2011-09-15 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or... |
| CVE-2011-1980 | 2011-09-15 | Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated... |
| CVE-2011-1982 | 2011-09-15 | Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code... |
| CVE-2011-1984 | 2011-09-15 | WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka... |
| CVE-2011-1986 | 2011-09-15 | Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability." |
| CVE-2011-1987 | 2011-09-15 | Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004,... |
| CVE-2011-1988 | 2011-09-15 | Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office... |
| CVE-2011-1989 | 2011-09-15 | Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for... |
| CVE-2011-1990 | 2011-09-15 | Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint... |
| CVE-2011-1991 | 2011-09-15 | Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7... |
| CVE-2011-2431 | 2011-09-15 | Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability." |
| CVE-2011-2432 | 2011-09-15 | Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified... |
| CVE-2011-2433 | 2011-09-15 | Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... |
| CVE-2011-2434 | 2011-09-15 | Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... |
| CVE-2011-2435 | 2011-09-15 | Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. |
| CVE-2011-2436 | 2011-09-15 | Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified... |
| CVE-2011-2437 | 2011-09-15 | Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... |
| CVE-2011-2438 | 2011-09-15 | Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via... |
| CVE-2011-2439 | 2011-09-15 | Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability." |
| CVE-2011-2440 | 2011-09-15 | Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. |
| CVE-2011-2441 | 2011-09-15 | Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors. |