CVE-2010-2883

Warning

EPSS 93%
Published 09.09.2010 22:00:02
Last modified 11.04.2025 00:51:21
Source psirt@adobe.com
Teams watchlist Login
Open Login

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected products Warnungen 1 Metrics 4 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Acrobat Version >= 8.0 < 8.2.5

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Version >= 9.0 < 9.4

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader Version >= 8.0 < 8.2.5

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader Version >= 9.0 < 9.4

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability

Vulnerability

Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H