CVE-2010-2883
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Un desbordamiento de búfer en la región stack de la memoria en la biblioteca CoolType.dll en Adobe Reader y Acrobat versión 9.x anterior a 9.4 y versión 8.x anterior a 8.2.5 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF con un campo largo en una tabla Smart INdependent Glyphlets (SING) en una fuente TTF, tal y como se explotó “in the wild” en septiembre de 2010. NOTA: algunos de estos datos se consiguen de la información de terceros.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-07-27 CVE Reserved
- 2010-09-09 CVE Published
- 2010-09-20 First Exploit
- 2022-06-08 Exploited in Wild
- 2022-06-22 KEV Due Date
- 2024-08-07 CVE Updated
- 2024-10-27 EPSS Updated
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html | Broken Link | |
| http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx | Broken Link | |
| http://www.kb.cert.org/vuls/id/491991 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/43057 | Broken Link | |
| http://www.us-cert.gov/cas/techalerts/TA10-279A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61635 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16619 | 2010-09-25 | |
| https://www.exploit-db.com/exploits/16494 | 2010-09-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | >= 8.0 < 8.2.5 Search vendor "Adobe" for product "Acrobat" and version " >= 8.0 < 8.2.5" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | >= 8.0 < 8.2.5 Search vendor "Adobe" for product "Acrobat" and version " >= 8.0 < 8.2.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | >= 9.0 < 9.4 Search vendor "Adobe" for product "Acrobat" and version " >= 9.0 < 9.4" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | >= 9.0 < 9.4 Search vendor "Adobe" for product "Acrobat" and version " >= 9.0 < 9.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | >= 8.0 < 8.2.5 Search vendor "Adobe" for product "Acrobat Reader" and version " >= 8.0 < 8.2.5" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | >= 8.0 < 8.2.5 Search vendor "Adobe" for product "Acrobat Reader" and version " >= 8.0 < 8.2.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | >= 9.0 < 9.4 Search vendor "Adobe" for product "Acrobat Reader" and version " >= 9.0 < 9.4" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | >= 9.0 < 9.4 Search vendor "Adobe" for product "Acrobat Reader" and version " >= 9.0 < 9.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|