(CVE-2020-3801) Adobe Reader XFA Heap Address Leak

CVE: CVE-2020-3801 Tested Versions: Acrobat DC version 2019.008.20064 (Windows 10 64-bit) Product URL(s): https://acrobat.adobe.com/us/en/acrobat.html https://get.adobe.com/reader/ Description of the vulnerability Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). Both Adobe Reader and Acrobat DC share the same AcroForm.api plugin: File Version 19.012.20040.17853 Adobe Reader (and Adobe Acrobat DC) has a weird “feature” that leaks a heap pointer after executing JavaScript when opening an XFA PDF....

March 17, 2020 · 1 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-9816) macOS libFontParser HeapOverflow Vulnerability

CVE: CVE-2020-9816 Tested Versions: macOS Catalina 10.15.1 (19B88) Product URL(s): https://apple.com Description of the vulnerability This vulnerability exists in libFontParser.dylib, which is part of the CoreGraphics library that is widely used in macOS, iOS and iPadOS to parse fonts. An attacker can craft an evil PDF containing a malicious font, which could lead to remote code execution on Apple devices. The bug exists in the TParsingContext::Subroutine method, which parses the Subrs field in a Type1 font....

March 17, 2020 · 3 min · Peter Nguyễn Vũ Hoàng

(CVE-2020-2682) Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation

CVE: CVE-2020-2682 Tested Versions: Oracle VirtualBox 5.2.18 revision r123745 Product URL(s): https://virtualbox.org Description of the vulnerability VirtualBox is an x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. It is a solution commercially supported by Oracle, in addition to being made available as open source software. It runs on various host platforms like Windows, Linux, Mac and Solaris and also supports a large number of guest operating systems....

January 15, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

(CVE-2020-2674) Oracle VirtualBox OHCI Use-After-Free

CVE: CVE-2020-2674 Tested Versions: Oracle VirtualBox 5.2.18 revision r123745 Product URL(s): https://virtualbox.org Description of the vulnerability VirtualBox is an x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. It is a solution commercially supported by Oracle, in addition to being made available as open source software. It runs on various host platforms like Windows, Linux, Mac and Solaris and also supports a large number of guest operating systems....

January 14, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

(CVE-2019-16452) Adobe Acrobat/Reader getSound JSObject Use-after-Free - TianFu Cup 2019

CVE: CVE-2019-16452 Tested Versions: Adobe Acrobat and Reader versions 2019.012.20035 and earlier Product URL(s): https://acrobat.adobe.com/us/en/acrobat.html https://get.adobe.com/reader/ Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). The basic Acrobat Reader, available for several desktop and mobile platforms, is freeware; it supports viewing, printing and annotating of PDF files. The commercial proprietary Acrobat, available for Microsoft Windows and macOS only, can also create, edit, convert, digitally sign, encrypt, export and publish PDF files....

December 10, 2019 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-0889) Microsoft Jet Database Format Record Length Memory Corruption

CVE: CVE-2020-0889 Tested Versions: msexcl40.dll 4.0.9801.17 Product URL(s): https://microsoft.com Description of the vulnerability msexcl40.dll is a part of Microsoft Jet Excel. It is responsible for processing Excel files. Opening a crafted .xls file, especially when the pExcelRecordBuffer is corrupt, causes an out-of-bounds write. The crash occurs at msexcl40!WriteStringPool+0xa5: 0:000> r eax=25c90000 ebx=256662ec ecx=00000000 edx=00000000 esi=00000000 edi=256662ec eip=7ca9a905 esp=00f6ea8c ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 msexcl40!...

December 4, 2019 · 4 min · Shi Ji (@Puzzorsj), Meysam Firouzi

(CVE-2020-2902) Oracle VirtualBox Direct3D 9 Shader Out-of-Bounds Write Remote Code Execution Vulnerability

CVE: CVE-2020-2902 Tested Versions: Microsoft Direct3D 9 Runtime version 10.0.17763.1 Product URL(s): https://microsoft.com Description of the vulnerability VirtualBox is an x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. It is a solution commercially supported by Oracle, in addition to being made available as open source software. It runs on various host platforms like Windows, Linux, Mac and Solaris and also supports a large number of guest operating systems....

December 4, 2019 · 5 min · Pham Hong Phi (@anhdaden)