CVE-2010-2883
In short
Adobe Reader and Acrobat versions 8 and 9 have a flaw in how they handle certain fonts embedded in PDF files. An attacker can craft a malicious PDF that crashes the application or runs malicious code when opened.
Technical detail
Stack-based buffer overflow in CoolType.dll triggered by specially crafted SING table entries in TTF fonts embedded within PDF documents. Exploitation requires user interaction (opening a PDF) and affects Adobe Reader/Acrobat 8.x and 9.x on Windows and Mac OS X, allowing arbitrary code execution or denial of service.
Summary generated and translated by AI from the official description.
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 3
github: github.com/avielzecharia/CVE-2010-2883 ★ 1
exploitdb: www.exploit-db.com/exploits/16619 (unverified)
exploitdb: www.exploit-db.com/exploits/16494 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/41340
http://secunia.com/advisories/43025
http://security.gentoo.org/glsa/glsa-201101-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2883
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html