Lucene search

[email protected]CVE-2010-2862

HistoryAug 05, 2010 - 6:17 p.m.

CVE-2010-2862

2010-08-0518:17:58

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-2862

adobe reader

integer overflow

cooltype.dll

truetype font

arbitrary code

remote execution

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

Affected configurations

NVD

Node

adobeacrobat_readerMatch8.2.3

adobeacrobat_readerMatch9.3.3

Node

adobeacrobatMatch9.3.3

CPENameOperatorVersion
adobe:acrobat_readeradobe acrobat readereq8.2.3
adobe:acrobat_readeradobe acrobat readereq9.3.3

CPE	Name	Operator	Version
adobe:acrobat_reader	adobe acrobat reader	eq	8.2.3
adobe:acrobat_reader	adobe acrobat reader	eq	9.3.3

References

secunia.com/advisories/40766

securityevaluators.com/files/papers/CrashAnalysis.pdf

www.us-cert.gov/cas/techalerts/TA10-231A.html

www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2010-2862

checkpoint_advisories2 threatpost5 cvelist1 openvas6 nvd1 prion1 nessus10 redhat1 suse1