CVE-2010-2883

Published: 09/09/2010 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 941
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x prior to 9.4, and 8.x prior to 8.2.5 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Vulnerable Product

adobe acrobat 8.1.1

adobe acrobat 8.1.4

adobe acrobat 8.2.1

adobe acrobat 8.1.7

adobe acrobat 8.1.3

adobe acrobat

adobe acrobat 9.3.3

adobe acrobat 9.1.1

adobe acrobat 8.2.4

adobe acrobat 8.1.5

adobe acrobat 9.3

adobe acrobat 9.3.2

adobe acrobat 9.3.1

adobe acrobat 9.1.2

adobe acrobat 9.2

adobe acrobat 9.1.3

adobe acrobat 8.2.2

adobe acrobat 8.1

adobe acrobat 8.1.6

adobe acrobat 8.2

adobe acrobat 9.1

adobe acrobat 9.0

adobe acrobat 8.1.2

adobe acrobat 8.0

adobe acrobat_reader 9.1.2

adobe acrobat_reader 9.1

adobe acrobat_reader 9.2

adobe acrobat_reader

adobe acrobat_reader 9.3

adobe acrobat_reader 9.3.1

adobe acrobat_reader 8.2.3

adobe acrobat_reader 8.2.1

adobe acrobat_reader 8.1.7

adobe acrobat_reader 8.1

adobe acrobat_reader 8.1.1

adobe acrobat_reader 9.3.2

adobe acrobat_reader 9.3.3

adobe acrobat_reader 8.1.6

adobe acrobat_reader 8.1.5

adobe acrobat_reader 8.1.2

adobe acrobat_reader 8.2.2

adobe acrobat_reader 9.1.3

adobe acrobat_reader 9.1.1

adobe acrobat_reader 8.1.4

adobe acrobat_reader 8.0

adobe acrobat_reader 8.2.4

adobe acrobat_reader 9.0

Vendor Advisories

Synopsis: Critical: acroread security update. Type/Severity: Security Advisory: Critical. Topic: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update ...

Exploits

This Metasploit module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well ...
## # $Id: adobe_cooltype_sing.rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' re ...
## # $Id: adobe_cooltype_sing.rb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' requi ...

Github Repositories

amliaW4's Blog

About 2014-hack-lu-oreo time:2018-6 categories:CTF \ Fastbin-Double-Free \ House-Of-Spirit 2014-hitcon-stkof 2016-bctf-bcloud 2016-hctf-fheap 2017-0ctf-babyheap 2018王鼎杯uess-ssp-leak ali-activex-imageMan chunk-extend chunk_notes CVE-2010-2553 CVE-2010-2883 CVE-2010-3333 CVE-2012-0158 defcamp-ctf-quals-2018-lucky-writeup dep double-free english-reading fastbin-attack h

My Blog

myblog My blog CVE-2010-2883

Recent Articles

The Spring Dragon APT
Securelist • Kurt Baumgartner • 17 Jun 2015

Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation”, likely named for the debug string present in much of the “Elise” codebase since at least 2012: “d:\lstudio\projects\lotus\…”. The group’s capabilities are more than the much discussed CVE-2012-0158 ex...

Monthly Malware Statistics, October 2010
Securelist • Vyacheslav Zakorzhevsky • 03 Nov 2010

Kaspersky Lab presents its malware rankings for October. Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double words,...