Lucene search

[email protected]NVD:CVE-2010-2883

HistorySep 09, 2010 - 10:00 p.m.

CVE-2010-2883

2010-09-0922:00:02

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.596 Medium

EPSS

Percentile

97.8%

JSON

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

adobeacrobatRange≤9.3.4

adobeacrobatMatch8.0

adobeacrobatMatch8.1

adobeacrobatMatch8.1.1

adobeacrobatMatch8.1.2

adobeacrobatMatch8.1.3

adobeacrobatMatch8.1.4

adobeacrobatMatch8.1.5

adobeacrobatMatch8.1.6

adobeacrobatMatch8.1.7

adobeacrobatMatch8.2

adobeacrobatMatch8.2.1

adobeacrobatMatch8.2.2

adobeacrobatMatch8.2.4

adobeacrobatMatch9.0

adobeacrobatMatch9.1

adobeacrobatMatch9.1.1

adobeacrobatMatch9.1.2

adobeacrobatMatch9.1.3

adobeacrobatMatch9.2

adobeacrobatMatch9.3

adobeacrobatMatch9.3.1

adobeacrobatMatch9.3.2

adobeacrobatMatch9.3.3

AND

applemac_os_x

microsoftwindows

Node

adobeacrobat_readerRange≤9.3.4

adobeacrobat_readerMatch8.0

adobeacrobat_readerMatch8.1

adobeacrobat_readerMatch8.1.1

adobeacrobat_readerMatch8.1.2

adobeacrobat_readerMatch8.1.4

adobeacrobat_readerMatch8.1.5

adobeacrobat_readerMatch8.1.6

adobeacrobat_readerMatch8.1.7

adobeacrobat_readerMatch8.2.1

adobeacrobat_readerMatch8.2.2

adobeacrobat_readerMatch8.2.3

adobeacrobat_readerMatch8.2.4

adobeacrobat_readerMatch9.0

adobeacrobat_readerMatch9.1

adobeacrobat_readerMatch9.1.1

adobeacrobat_readerMatch9.1.2

adobeacrobat_readerMatch9.1.3

adobeacrobat_readerMatch9.2

adobeacrobat_readerMatch9.3

adobeacrobat_readerMatch9.3.1

adobeacrobat_readerMatch9.3.2

adobeacrobat_readerMatch9.3.3

AND

applemac_os_x

microsoftwindows

References

blog.metasploit.com/2010/09/return-of-unpublished-adobe.html

community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx

lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

secunia.com/advisories/41340

secunia.com/advisories/43025

security.gentoo.org/glsa/glsa-201101-08.xml

www.adobe.com/support/security/advisories/apsa10-02.html

www.adobe.com/support/security/bulletins/apsb10-21.html

www.kb.cert.org/vuls/id/491991

www.redhat.com/support/errata/RHSA-2010-0743.html

www.securityfocus.com/bid/43057

www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt

www.us-cert.gov/cas/techalerts/TA10-279A.html

www.vupen.com/english/advisories/2010/2331

www.vupen.com/english/advisories/2011/0191

www.vupen.com/english/advisories/2011/0344

exchange.xforce.ibmcloud.com/vulnerabilities/61635

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.596 Medium

EPSS

Percentile

97.8%

JSON

Related for NVD:CVE-2010-2883

saint4 metasploit2 cisa_kev1 cert1 prion1 canvas1 thn2 attackerkb1 seebug1 openvas8 threatpost5 cve1 packetstorm1 checkpoint_advisories2 cvelist1 exploitdb2 nessus11 gentoo1 redhat1 suse1 securityvulns2