Lucene search

K

SAINT CorporationSAINT:5ABFB6A96BA9FBA98D7E0D7B84F21EE8

HistoryMar 22, 2010 - 12:00 a.m.

Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow

2010-03-2200:00:00

SAINT Corporation

my.saintcorporation.com

21

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

Added: 03/22/2010
CVE: CVE-2010-0188
BID: 38195
OSVDB: 62526

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A stack buffer overflow vulnerability allows command execution when a user opens a PDF file with an embedded TIFF image that has one of several fields encoded as a short integer with an overly long data count field.

Resolution

Upgrade to Adobe Reader 8.x version greater than 8.2.1 or 9.x version greater than 9.3.1.

References

<http://www.adobe.com/support/security/bulletins/apsb10-07.html>

Limitations

Exploit works on Adobe Reader 9.3 and requires a user to open the exploit file in Adobe Reader. The vulnerability is triggered when the file is closed.
It may take relatively longer time to establish a shell session as this exploit needs to search the memory to find the shell code.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

Related for SAINT:5ABFB6A96BA9FBA98D7E0D7B84F21EE8

saint3 threatpost15 prion1 checkpoint_advisories3 ubuntucve1 seebug2 attackerkb1 cisa_kev1 packetstorm2 canvas1 securityvulns2 cve1 redhat1 nessus10 thn3 symantec1 openvas5 securelist1 gentoo1