9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.776 High
EPSS
Percentile
97.9%
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
secunia.com/advisories/41340
secunia.com/advisories/43025
security.gentoo.org/glsa/glsa-201101-08.xml
www.adobe.com/support/security/advisories/apsa10-02.html
www.adobe.com/support/security/bulletins/apsb10-21.html
www.kb.cert.org/vuls/id/491991
www.redhat.com/support/errata/RHSA-2010-0743.html
www.securityfocus.com/bid/43057
www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
www.us-cert.gov/cas/techalerts/TA10-279A.html
www.vupen.com/english/advisories/2010/2331
www.vupen.com/english/advisories/2011/0191
www.vupen.com/english/advisories/2011/0344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
exchange.xforce.ibmcloud.com/vulnerabilities/61635
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586