Adobe Reader CoolType.dll buffer overflow

2010-09-17T00:00:00
ID SAINT:863FBE57AF40D9EA045132B4DB784042
Type saint
Reporter SAINT Corporation
Modified 2010-09-17T00:00:00

Description

Added: 09/17/2010
CVE: CVE-2010-2883
BID: 43057
OSVDB: 67849

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow in the CoolType.dll module allows command execution when a user opens a PDF document containing a long, specially crafted field in a SING table within a TrueType font.

Resolution

Apply the fix referenced in APSA10-02 when available.

References

<http://secunia.com/advisories/41340>

Limitations

Exploit works on Adobe Reader 9.3.4 and requires a user to open the exploit file.

The IO::Uncompress and Compress::Zlib PERL modules must be installed on the SAINTexploit host in order to run this exploit.

Platforms

Windows