CyberSec.Space Logo
Back to CVE Browser

CVE-2010-2883

Known Exploited (CISA KEV)HIGH
7.3
CVSS Severity Score
EPSS Score28.3680%
EPSS Percentile90.68th
PublishedSep 9, 2010
Last ModifiedApr 21, 2026

Vulnerability Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat

>= 8.0 and < 8.2.5
πŸ“¦
Adobe

Acrobat

>= 9.0 and < 9.4
πŸ“¦
Adobe

Acrobat Reader

>= 8.0 and < 8.2.5
πŸ“¦
Adobe

Acrobat Reader

>= 9.0 and < 9.4

References & Advisories

πŸ”— http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
πŸ”— http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
πŸ”— http://secunia.com/advisories/41340
πŸ”— http://secunia.com/advisories/43025
πŸ”— http://security.gentoo.org/glsa/glsa-201101-08.xml
πŸ”— http://www.adobe.com/support/security/advisories/apsa10-02.html

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...