CVE-2010-2862

Published: 05/08/2010 Updated: 19/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote malicious users to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

Vulnerable Product

adobe acrobat reader 8.2.3

adobe acrobat reader 9.3.3

adobe acrobat 9.3.3

Vendor Advisories

Synopsis: Critical: acroread security update
Type/Severity: Security Advisory: Critical
Topic: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update ...

Exploits

From the author's site: In this article, I'm going to share with you my observations and analysis on recent Adobe Acrobat Font Parsing vulnerability. Source document exists here: securityevaluators.com/files/papers/CrashAnalysis.pdf (page 51-58). After reading the paper, I started studying the TTF format. After initial research, I wrote thi ...

Recent Articles

Adobe plans emergency patch for critical Reader bug
The Register • Dan Goodin • 05 Aug 2010

That was fast

Adobe plans to release an emergency update patching a critical vulnerability in its ubiquitous Reader application that was disclosed at last week's Black Hat security conference in Las Vegas. The fix will be made available during the week of August 16 for Windows, Mac OS X, and Unix versions of Adobe Reader 9.3.3, company officials said on Thursday. It will patch a hole that security researcher Charlie Miller disclosed during a talk demonstrating a tool called BitBlaze, which streamlines the ana...