CVE-2010-2883 — HIGH (7.3) — White Hats Nepal

Q: How severe is CVE-2010-2883?

CVE-2010-2883 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2883?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Apple Macos, Microsoft Windows, Adobe Acrobat Reader.

Vulnerability Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Acrobat	>= 8.0, < 8.2.5
Apple	Macos	-
Microsoft	Windows	-
Adobe	Acrobat Reader	>= 8.0, < 8.2.5

Related Weaknesses (CWE)

CWE-787

References

http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.htmlBroken Link
http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysBroken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlBroken Link
http://secunia.com/advisories/41340Broken LinkVendor Advisory
http://secunia.com/advisories/43025Broken LinkVendor Advisory
http://security.gentoo.org/glsa/glsa-201101-08.xmlThird Party Advisory
http://www.adobe.com/support/security/advisories/apsa10-02.htmlVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-21.htmlVendor Advisory
http://www.kb.cert.org/vuls/id/491991Third Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2010-0743.htmlBroken Link
http://www.securityfocus.com/bid/43057Broken LinkThird Party AdvisoryVDB Entry
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txtBroken Link
http://www.us-cert.gov/cas/techalerts/TA10-279A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2010/2331Broken LinkVendor Advisory

FAQ

What is CVE-2010-2883?

CVE-2010-2883 is a vulnerability with a CVSS score of 7.3 (HIGH). Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denia...

How severe is CVE-2010-2883?

CVE-2010-2883 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2883?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Apple Macos, Microsoft Windows, Adobe Acrobat Reader.