AdobeCVELIST:CVE-2010-2883CVE-2010-2883
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
References
blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
secunia.com/advisories/41340
secunia.com/advisories/43025
security.gentoo.org/glsa/glsa-201101-08.xml
www.adobe.com/support/security/advisories/apsa10-02.html
www.adobe.com/support/security/bulletins/apsb10-21.html
www.kb.cert.org/vuls/id/491991
www.redhat.com/support/errata/RHSA-2010-0743.html
www.securityfocus.com/bid/43057
www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
www.us-cert.gov/cas/techalerts/TA10-279A.html
www.vupen.com/english/advisories/2010/2331
www.vupen.com/english/advisories/2011/0191
www.vupen.com/english/advisories/2011/0344
exchange.xforce.ibmcloud.com/vulnerabilities/61635
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
Related
