CVE-2010-2883
8 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.1%
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
References
blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
secunia.com/advisories/41340
secunia.com/advisories/43025
security.gentoo.org/glsa/glsa-201101-08.xml
www.adobe.com/support/security/advisories/apsa10-02.html
www.adobe.com/support/security/bulletins/apsb10-21.html
www.kb.cert.org/vuls/id/491991
www.redhat.com/support/errata/RHSA-2010-0743.html
www.securityfocus.com/bid/43057
www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
www.us-cert.gov/cas/techalerts/TA10-279A.html
www.vupen.com/english/advisories/2010/2331
www.vupen.com/english/advisories/2011/0191
www.vupen.com/english/advisories/2011/0344
exchange.xforce.ibmcloud.com/vulnerabilities/61635
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
Related
8 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.1%