CVE-2010-2883
high-risk
Published 2010-09-09
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Do I need to act?
93.2% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.3/10 · High
LOCAL / LOW complexity
Affected Products (2)
Affected Vendors
References (39)
Broken Link
http://secunia.com/advisories/41340
Broken Link
http://secunia.com/advisories/43025
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201101-08.xml
Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa10-02.html
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-21.html
Third Party Advisory
http://www.kb.cert.org/vuls/id/491991
Broken Link
http://www.securityfocus.com/bid/43057
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
and 19 more references
64 / 100
high-risk
Severity: 23/34 · High
Exploitability: 34/34 · Critical
Exposure: 7/34 · Low