CyberSec.Space Logo
返回 CVE 浏览器

CVE-2010-2883

Known Exploited (CISA KEV)HIGH
7.3
CVSS Severity Score
EPSS Score28.3680%
EPSS Percentile90.68th
Published2010年9月9日
Last Modified2026年4月21日

Vulnerability Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Adobe

Acrobat

>= 8.0 and < 8.2.5
📦
Adobe

Acrobat

>= 9.0 and < 9.4
📦
Adobe

Acrobat Reader

>= 8.0 and < 8.2.5
📦
Adobe

Acrobat Reader

>= 9.0 and < 9.4

References & Advisories

🔗 http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
🔗 http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
🔗 http://secunia.com/advisories/41340
🔗 http://secunia.com/advisories/43025
🔗 http://security.gentoo.org/glsa/glsa-201101-08.xml
🔗 http://www.adobe.com/support/security/advisories/apsa10-02.html

相关漏洞威胁

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...