Vulnerability Details CVE-2010-2883
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.932
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 9.3
Proposed Action
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Ransomware Campaign
Unknown
References
- http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
- http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/41340
- http://secunia.com/advisories/43025
- http://security.gentoo.org/glsa/glsa-201101-08.xml
- http://www.adobe.com/support/security/advisories/apsa10-02.html
- http://www.adobe.com/support/security/bulletins/apsb10-21.html
- http://www.kb.cert.org/vuls/id/491991
- http://www.redhat.com/support/errata/RHSA-2010-0743.html
- http://www.securityfocus.com/bid/43057
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
- http://www.us-cert.gov/cas/techalerts/TA10-279A.html
- http://www.vupen.com/english/advisories/2010/2331
- http://www.vupen.com/english/advisories/2011/0191
- http://www.vupen.com/english/advisories/2011/0344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
- http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
- http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/41340
- http://secunia.com/advisories/43025
- http://security.gentoo.org/glsa/glsa-201101-08.xml
- http://www.adobe.com/support/security/advisories/apsa10-02.html
- http://www.adobe.com/support/security/bulletins/apsb10-21.html
- http://www.kb.cert.org/vuls/id/491991
- http://www.redhat.com/support/errata/RHSA-2010-0743.html
- http://www.securityfocus.com/bid/43057
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
- http://www.us-cert.gov/cas/techalerts/TA10-279A.html
- http://www.vupen.com/english/advisories/2010/2331
- http://www.vupen.com/english/advisories/2011/0191
- http://www.vupen.com/english/advisories/2011/0344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
Products affected by CVE-2010-2883
-
cpe:2.3:a:adobe:acrobat:8.0
-
cpe:2.3:a:adobe:acrobat:8.0.0
-
cpe:2.3:a:adobe:acrobat:8.1
-
cpe:2.3:a:adobe:acrobat:8.1.1
-
cpe:2.3:a:adobe:acrobat:8.1.2
-
cpe:2.3:a:adobe:acrobat:8.1.3
-
cpe:2.3:a:adobe:acrobat:8.1.4
-
cpe:2.3:a:adobe:acrobat:8.1.5
-
cpe:2.3:a:adobe:acrobat:8.1.6
-
cpe:2.3:a:adobe:acrobat:8.1.7
-
cpe:2.3:a:adobe:acrobat:8.2
-
cpe:2.3:a:adobe:acrobat:8.2.1
-
cpe:2.3:a:adobe:acrobat:8.2.2
-
cpe:2.3:a:adobe:acrobat:8.2.3
-
cpe:2.3:a:adobe:acrobat:8.2.4
-
cpe:2.3:a:adobe:acrobat:9.0
-
cpe:2.3:a:adobe:acrobat:9.1
-
cpe:2.3:a:adobe:acrobat:9.1.1
-
cpe:2.3:a:adobe:acrobat:9.1.2
-
cpe:2.3:a:adobe:acrobat:9.1.3
-
cpe:2.3:a:adobe:acrobat:9.2
-
cpe:2.3:a:adobe:acrobat:9.3
-
cpe:2.3:a:adobe:acrobat:9.3.1
-
cpe:2.3:a:adobe:acrobat:9.3.2
-
cpe:2.3:a:adobe:acrobat:9.3.3
-
cpe:2.3:a:adobe:acrobat:9.3.4
-
cpe:2.3:a:adobe:acrobat_reader:8.0
-
cpe:2.3:a:adobe:acrobat_reader:8.1
-
cpe:2.3:a:adobe:acrobat_reader:8.1.1
-
cpe:2.3:a:adobe:acrobat_reader:8.1.2
-
cpe:2.3:a:adobe:acrobat_reader:8.1.3
-
cpe:2.3:a:adobe:acrobat_reader:8.1.4
-
cpe:2.3:a:adobe:acrobat_reader:8.1.5
-
cpe:2.3:a:adobe:acrobat_reader:8.1.6
-
cpe:2.3:a:adobe:acrobat_reader:8.1.7
-
cpe:2.3:a:adobe:acrobat_reader:8.2
-
cpe:2.3:a:adobe:acrobat_reader:8.2.1
-
cpe:2.3:a:adobe:acrobat_reader:8.2.2
-
cpe:2.3:a:adobe:acrobat_reader:8.2.3
-
cpe:2.3:a:adobe:acrobat_reader:8.2.4
-
cpe:2.3:a:adobe:acrobat_reader:9.0
-
cpe:2.3:a:adobe:acrobat_reader:9.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.2
-
cpe:2.3:a:adobe:acrobat_reader:9.1.3
-
cpe:2.3:a:adobe:acrobat_reader:9.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.1
-
cpe:2.3:a:adobe:acrobat_reader:9.3.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.4
-
cpe:2.3:o:apple:macos:-
-
cpe:2.3:o:microsoft:windows:-