CVE-2010-2883

{"id": "CVE-2010-2883", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2010-09-09T22:00:02.250", "references": [{"url": "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/41340", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/43025", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/advisories/apsa10-02.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.kb.cert.org/vuls/id/491991", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/43057", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2331", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0191", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0344", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61635", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586", "tags": ["Broken Link"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la biblioteca CoolType.dll en Adobe Reader y Acrobat versi\u00f3n 9.x anterior a 9.4 y versi\u00f3n 8.x anterior a 8.2.5 en Windows y Mac OS X, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de un documento PDF con un campo largo en una tabla Smart INdependent Glyphlets (SING) en una fuente TTF, tal y como se explot\u00f3 \u201cin the wild\u201d en septiembre de 2010. NOTA: algunos de estos datos se consiguen de la informaci\u00f3n de terceros."}], "lastModified": "2024-06-28T14:16:27.380", "cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38C52D23-D5BD-4325-ABA9-FA14F07AF54F", "versionEndExcluding": "8.2.5", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAC4A665-19CA-495D-A00F-6B42EA627E0F", "versionEndExcluding": "9.4", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B742E5CB-5047-4E30-BE12-B5C3EB428503", "versionEndExcluding": "8.2.5", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49CF11ED-51D6-4376-8AB3-B062EFAE945F", "versionEndExcluding": "9.4", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "evaluatorImpact": "Per: http://www.adobe.com/support/security/advisories/apsa10-02.html\r\n\r\n\r\n'Affected software versions\r\n\r\nAdobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.'", "sourceIdentifier": "psirt@adobe.com", "evaluatorSolution": "Per: http://www.adobe.com/support/security/advisories/apsa10-02.html\r\n\r\n'Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.'", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability"}