CVE-2010-2883

Published: 09/09/2010 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x prior to 9.4, and 8.x prior to 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor | Product | Versions
Adobe | Acrobat | 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 8.2.2, 8.2.4, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4
Adobe | Acrobat Reader | 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4

Vendor Advisories

Synopsis: Critical: acroread security update. Type/Severity: Security Advisory: Critical. Topic: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update ...

Exploits

## # $Id: adobe_cooltype_sing.rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' re ...
## # $Id: adobe_cooltype_sing.rb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' requi ...

Mailing Lists

This Metasploit module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well ...

Metasploit Modules

Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

This module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.

msf > use exploit/windows/browser/adobe_cooltype_sing
msf exploit(adobe_cooltype_sing) > show targets
    ...targets...
msf exploit(adobe_cooltype_sing) > set TARGET <target-id>
msf exploit(adobe_cooltype_sing) > show options
    ...show and set options...
msf exploit(adobe_cooltype_sing) > exploit

Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

This module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.

msf > use exploit/windows/fileformat/adobe_cooltype_sing
msf exploit(adobe_cooltype_sing) > show targets
    ...targets...
msf exploit(adobe_cooltype_sing) > set TARGET <target-id>
msf exploit(adobe_cooltype_sing) > show options
    ...show and set options...
msf exploit(adobe_cooltype_sing) > exploit

Github Repositories

myblog: My blog

Reproductions of various CVEs, some including fuzzer samples.

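CVE: Here are resources for some vulnerabilities I have reproduced; feel free to download them. The reproduction process for each vulnerability is on my blog or on CSDN. Discussion is welcome.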

ROP Collection: A collection of ROP exploits and programs from the "Static Analysis of ROP Code" paper (EuroSec '19). This repository (we are working behind the scenes, please bear with us) aims at providing for each hosted ROP payload detailed information on the vulnerable application or vector and the characteristics of the chain, including: reference links for

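articles: Personal blog. My day job is malware analysis; time is limited, so this records research done out of personal interest. Fuzzing series: Building a fuzzer based on protobuf (libpng); opessl fuzzing test learning process. pwn: Stack imbalance caused by the DynELF leak function; Learning Linux x64 pwn. Malware analysis: Notes on handling static configuration decryption under a nasty obfuscation. Vulnerability analysis: In-depth analysis of the tcpdump 451 crash; CoolPlayer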

Recent Articles

The Spring Dragon APT
Securelist • Kurt Baumgartner • 17 Jun 2015

Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation”, likely named for the debug string present in much of the “Elise” codebase since at least 2012: “d:\lstudio\projects\lotus\…”.

The group’s capabilities are more than the much discussed CVE...

Monthly Malware Statistics, October 2010
Securelist • Vyacheslav Zakorzhevsky • 03 Nov 2010

Kaspersky Lab presents its malware rankings for October.
Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double ...

Adobe Issues Huge Patch for Reader and Acrobat
Threatpost • Paul Roberts • 06 Oct 2010

UPDATE: After announcing that it was accelerating a critical patch of its Reader program last week, Adobe pushed out a large patch on Tuesday, fixing 23 separate vulnerabilities in its Reader and Acrobat applications.
The huge quarterly security update included company-issued Security Bulletin APSB10-21, patching Adobe Reader up to and including Version 9.3.4 for Windows, Mac and UNIX, and Acrobat 9.3.4 for Windows and Macintosh. The patches had originally been scheduled for Oc...

Adobe to Release Critical Reader Patch Early
Threatpost • Dennis Fisher • 01 Oct 2010

Adobe is moving up the release date for the patch for the critical bug in Reader and Acrobat and will now push the fix out on Oct. 5 instead of the following week. The flaw was disclosed last month and has been the target of attacks for several weeks now.
The company said on Thursday that it has moved the patch release up by a week and as a result, Adobe won’t be releasing any other patches for Reader or Acrobat on its regularly scheduled release day of Oct. 12.
“Ado...

Adobe Exploit Bypasses ASLR and DEP, Drops Signed Malicious File
Threatpost • Dennis Fisher • 09 Sep 2010

Attackers are using a previously unknown exploitation technique that bypasses both ASLR and DEP to exploit the unpatched Adobe Reader bug that Adobe warned users about on Wednesday. The exploit works on machines running either Windows Vista or Windows 7 and is also dropping a file on compromised machines that is signed using a stolen, valid digital certificate.
Adobe published an advisory about the new Reader bug on Wednesday, but was stingy with the details, saying only that i...

New Adobe PDF Zero-Day Flaw Under Attack
Threatpost • Ryan Naraine • 08 Sep 2010

Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild.

Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.
Here’s Adobe’s warning:
A critical vul...