VDB
GSD-2010-2883
GSD-2010-2883
PUBLISHED
CVSS 7.300000190734863 HIGH
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Risk Scores
CVSS v3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Sep 9, 2010 CVE Published
- Sep 20, 2010 PoC Published
- Sep 25, 2010 PoC Published
- Jan 26, 2016 PoC Published
- May 29, 2018 PoC Published
- Oct 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Jul 2, 2021 PoC Published
- Jan 24, 2023 PoC Published
- Jun 14, 2023 PoC Published
References
- SUSE-SA:2010:048 vendor-advisory
- ADV-2011-0191 vdb
- oval:org.mitre.oval:def:11586 vdb
- http://www.adobe.com/support/security/advisories/apsa10-02.html url
- 43025 third-party-advisory
- ADV-2011-0344 vdb
- ADV-2010-2331 vdb
- RHSA-2010:0743 vendor-advisory
- http://www.adobe.com/support/security/bulletins/apsb10-21.html url
- TA10-279A third-party-advisory
- 41340 third-party-advisory
- http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx url
- adobe-reader-cooltype-code-execution(61635) vdb
- http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html url
- 43057 vdb
- TLSA-2011-2 vendor-advisory
- SUSE-SR:2010:019 vendor-advisory
- GLSA-201101-08 advisory
- VU#491991 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2883 advisory