Executive Summary

Summary
Title Adobe Reader and Acrobat Affected by Multiple Vulnerabilities
Informations
Name TA10-279A First vendor Publication 2010-10-06
Vendor US-CERT Last vendor Modification 2010-10-06
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Bulletin APSB10-21 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x versions, 8.2.4, and earlier 8.x versions.

An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.

Additional information is available in US-CERT Vulnerability Note VU#491991.

II. Impact

These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.

III. Solution

Update

Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB10-21 and update vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA10-279A.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
44 % CWE-20 Improper Input Validation
6 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11586
 
Oval ID: oval:org.mitre.oval:def:11586
Title: Adobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow Vulnerability
Description: Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2883
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14129
 
Oval ID: oval:org.mitre.oval:def:14129
Title: DEPRECATED: Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Description: Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3623
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14195
 
Oval ID: oval:org.mitre.oval:def:14195
Title: DEPRECATED: Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Description: Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3631
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14402
 
Oval ID: oval:org.mitre.oval:def:14402
Title: DEPRECATED: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3624
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14416
 
Oval ID: oval:org.mitre.oval:def:14416
Title: DEPRECATED: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Description: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2887
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21982
 
Oval ID: oval:org.mitre.oval:def:21982
Title: RHSA-2010:0706: flash-plugin security update (Critical)
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: unix Class: patch
Reference(s): RHSA-2010:0706-01
CVE-2010-2884
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22336
 
Oval ID: oval:org.mitre.oval:def:22336
Title: RHSA-2010:0743: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: unix Class: patch
Reference(s): RHSA-2010:0743-01
CVE-2010-2883
CVE-2010-2884
CVE-2010-2887
CVE-2010-2889
CVE-2010-2890
CVE-2010-3619
CVE-2010-3620
CVE-2010-3621
CVE-2010-3622
CVE-2010-3625
CVE-2010-3626
CVE-2010-3627
CVE-2010-3628
CVE-2010-3629
CVE-2010-3630
CVE-2010-3632
CVE-2010-3656
CVE-2010-3657
CVE-2010-3658
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22988
 
Oval ID: oval:org.mitre.oval:def:22988
Title: ELSA-2010:0743: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: unix Class: patch
Reference(s): ELSA-2010:0743-01
CVE-2010-2883
CVE-2010-2884
CVE-2010-2887
CVE-2010-2889
CVE-2010-2890
CVE-2010-3619
CVE-2010-3620
CVE-2010-3621
CVE-2010-3622
CVE-2010-3625
CVE-2010-3626
CVE-2010-3627
CVE-2010-3628
CVE-2010-3629
CVE-2010-3630
CVE-2010-3632
CVE-2010-3656
CVE-2010-3657
CVE-2010-3658
Version: 81
Platform(s): Oracle Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23120
 
Oval ID: oval:org.mitre.oval:def:23120
Title: ELSA-2010:0706: flash-plugin security update (Critical)
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: unix Class: patch
Reference(s): ELSA-2010:0706-01
CVE-2010-2884
Version: 6
Platform(s): Oracle Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6772
 
Oval ID: oval:org.mitre.oval:def:6772
Title: Adobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3625
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6791
 
Oval ID: oval:org.mitre.oval:def:6791
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3657
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6830
 
Oval ID: oval:org.mitre.oval:def:6830
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2890
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6852
 
Oval ID: oval:org.mitre.oval:def:6852
Title: Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2884
Version: 27
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Adobe Flash Player
Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7007
 
Oval ID: oval:org.mitre.oval:def:7007
Title: Adobe Reader and Acrobat Code Execution via crafted image Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3629
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7009
 
Oval ID: oval:org.mitre.oval:def:7009
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2889
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7057
 
Oval ID: oval:org.mitre.oval:def:7057
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3632
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7138
 
Oval ID: oval:org.mitre.oval:def:7138
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3622
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7225
 
Oval ID: oval:org.mitre.oval:def:7225
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3658
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7348
 
Oval ID: oval:org.mitre.oval:def:7348
Title: Adobe Reader and Acrobat ActiveX Multiple Input Validation Code Execution Vulnerabilities.
Description: Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2888
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7356
 
Oval ID: oval:org.mitre.oval:def:7356
Title: Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3627
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7382
 
Oval ID: oval:org.mitre.oval:def:7382
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3626
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7385
 
Oval ID: oval:org.mitre.oval:def:7385
Title: Memory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3619
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7386
 
Oval ID: oval:org.mitre.oval:def:7386
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3621
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7393
 
Oval ID: oval:org.mitre.oval:def:7393
Title: Adobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3630
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7455
 
Oval ID: oval:org.mitre.oval:def:7455
Title: Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3628
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7484
 
Oval ID: oval:org.mitre.oval:def:7484
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3656
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7589
 
Oval ID: oval:org.mitre.oval:def:7589
Title: Adobe Reader and Acrobat Image Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3620
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 138
Application 88
Application 101

SAINT Exploits

Description Link
Adobe Reader CoolType.dll buffer overflow More info here

ExploitDB Exploits

id Description
2010-09-25 Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-09-20 Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-10-06 Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201101-08 (acroread)
File : nvt/glsa_201101_08.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash)
File : nvt/glsa_201101_09.nasl
2010-10-19 Name : SuSE Update for acroread SUSE-SA:2010:048
File : nvt/gb_suse_2010_048.nasl
2010-10-18 Name : Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_oct10_win.nasl
2010-10-18 Name : Adobe Reader Multiple Unspecified Vulnerabilities -Oct10 (Linux)
File : nvt/gb_adobe_reader_mult_unspecified_oct10_lin.nasl
2010-10-10 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin10.nasl
2010-10-01 Name : SuSE Update for flash-player SUSE-SA:2010:042
File : nvt/gb_suse_2010_042.nasl
2010-09-21 Name : Adobe Reader/Flash Player Content Code Execution Vulnerability (Linux)
File : nvt/secpod_adobe_prdts_content_code_execution_vuln_lin.nasl
2010-09-21 Name : Adobe Products Content Code Execution Vulnerability (Windows)
File : nvt/secpod_adobe_prdts_content_code_execution_vuln_win.nasl
2010-09-15 Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)
File : nvt/gb_adobe_prdts_sing_bof_vuln_win.nasl
2010-09-15 Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
File : nvt/gb_adobe_reader_sing_bof_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68435 Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3658)

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.
68434 Adobe Reader / Acrobat Unspecified DoS (2010-3657)

Adobe Reader and Acrobat contain an unspecified flaw that may allow an attacker to cause a denial of service. No further details have been provided.
68433 Adobe Reader / Acrobat Unspecified DoS (2010-3656)

Adobe Reader and Acrobat contain an unspecified flaw that may allow an attacker to cause a denial of service. No further details have been provided.
68432 Adobe Reader / Acrobat Unspecified File Format String Handling Memory Corruption

A memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize user-supplied input when handling an embedded string's length in a particular file, resulting in memory corruption. With a specially crafted string within a crafted file, a context-dependent attacker can execute arbitrary code.
68431 Adobe Reader / Acrobat on Mac OS X Array Index Error Arbitrary Code Execution

Adobe Reader and Acrobat on Mac OS X contain a flaw related to the frame pointer. The issue is triggered when a remote attacker writes a null byte into memory. This may allow an attacker to modify the frame pointer and execute arbitrary code.
68430 Adobe Reader / Acrobat AcroRd32.dll sub_60AF56 Function Memory Corruption

A memory corruption flaw exists in Adobe Reader and Acrobat. The 3difr and AcroRd32.dll modules fail to sanitize user-supplied input when the 'sub_60AF56' function access violates when encounter ESI register data, resulting in memory corruption. With a specially crafted .PDF file, a context-dependent attacker can execute arbitrary code.
68429 Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...

Adobe Reader and Acrobat contain a flaw related to image-parsing input validation that may allow a context-dependent attacker to use a crafted image to execute arbitrary code. No further details have been provided.
68428 Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3628)

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The programs fail to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.
68427 Adobe Reader / Acrobat PDF Flash Code Handling Arbitrary Code Execution

Adobe Reader and Acrobat contain a use-after-free flaw related to a released memory chunk being invalidly used. This may allow a context-dependent attacker to use a crafted .PDF file with PAGES thumbnails to trigger an 'ACCESS_VIOLATION' and execute arbitrary code.
68426 Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...

Adobe Reader and Acrobat contain an unspecified flaw that may allow a context-dependent attacker to use a crafted font to execute arbitrary code. No further details have been provided.
68425 Adobe Reader / Acrobat Prefix Protocol Handler Arbitrary Code Execution (2010...

Adobe Reader and Acrobat contain an unspecified flaw related to a prefix protocol handler vulnerability. This may allow an attacker to execute arbitrary code. No further details have been provided.
68424 Adobe Reader / Acrobat on Mac OS X Unspecified Crafted Image Arbitrary Code E...

Adobe Reader and Acrobat on Mac OS X contains an unspecified flaw that may allow a context-dependent attacker to execute arbitrary code via a crafted image. No further details have been provided.
68423 Adobe Reader / Acrobat on Mac OS X Unspecified Memory Corruption

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat for Mac OS X. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.
68422 Adobe Reader / Acrobat ACE.dll ICC Stream mluc Structure Handling Memory Corr...

A memory corruption flaw exists in Adobe Reader and Acrobat. The ACE.dll module fails to sanitize user-supplied input when an attacker forges an integer value derived from arithmetic performed on the second DWORD of the mulc structure and desc structure, resulting in memory corruption. With a specially crafted file or web page, a context-dependent attacker can execute arbitrary code.
68421 Adobe Reader / Acrobat ACE.dll ICC Stream Handling Memory Corruption

A memory corruption flaw exists in Adobe Reader and Acrobat. The ACE.dll module fails to sanitize user-supplied input when parsing ICC streams, resulting in memory corruption. With a specially crafted file or web page, a context-dependent attacker can overflow a stack buffer and execute arbitrary code.
68420 Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...

Adobe Reader and Acrobat contain an image-parsing input validation flaw related that may allow a context-dependent attacker to use a crafted image to execute arbitrary code. No further details have been provided.
68419 Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3619)

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.
68418 Adobe Reader / Acrobat Unspecified Memory Corruption (2010-2890)

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.
68416 Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...

Adobe Reader and Acrobat contains a flaw related to font-parsing input validation that may allow a context-dependent attacker to use a crafted font to execute arbitrary code. No further details have been provided.
68413 Adobe Reader / Acrobat on Windows Unspecified ActiveX Arbitrary Code Execution

Adobe Reader and Acrobat on Windows contain a flaw related to an ActiveX control that may allow an attacker to execute arbitrary code. No further details have been provided.
68412 Adobe Reader / Acrobat on Linux Multiple Unspecified Privilege Escalation

Adobe Reader and Acrobat on Linux contain multiple flaws related to an insecure relative RPATH that may allow an attacker to gain access to unauthorized privileges. The issue can be exploited by malicious, local users to gain escalated privileges and execute arbitrary code by tricking a user into running the program in an attacker-controlled directory.
68024 Adobe Flash Player Unspecified Code Execution

Adobe Flash Player contains a flaw that may allow an attacker to run arbitrary code. The issue is triggered when a specially crafted .SWF file is viewed using a standalone player or within a Flash browser plugin.
67849 Adobe Reader / Acrobat CoolType.dll SING (Smart INdependent Glyphlets) Font u...

Acrobat and Reader are prone to an overflow condition. The application fails to properly sanitize the "uniqueName" field within the SING table structure of TrueType fonts resulting in a stack buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution.

Snort® IPS/IDS

Date Description
2020-01-16 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 52484 - Revision : 1 - Type : FILE-PDF
2020-01-16 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 52483 - Revision : 1 - Type : FILE-PDF
2019-12-10 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 52125 - Revision : 2 - Type : FILE-PDF
2019-12-10 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 52124 - Revision : 2 - Type : FILE-PDF
2015-03-31 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 33602 - Revision : 2 - Type : FILE-PDF
2015-03-31 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 33601 - Revision : 2 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28727 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28726 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28725 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28657 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28656 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28655 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28654 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28653 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28652 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28651 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28650 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28649 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28648 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28647 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28646 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28645 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28644 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28380 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28379 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28378 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28377 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28376 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28375 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28374 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28261 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC remote memory corruption attempt
RuleID : 28260 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC remote memory corruption attempt
RuleID : 28257 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28256 - Revision : 6 - Type : FILE-PDF
2014-01-10 Teletubbies exploit kit payload download
RuleID : 27887 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Teletubbies exploit kit exploit attempt for Adobe Flash Player
RuleID : 27882 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18991 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18990 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18989 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18988 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 18987 - Revision : 15 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 18986 - Revision : 15 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 18308 - Revision : 15 - Type : FILE-PDF
2014-01-10 Adobe Flash Player and Reader remote code execution attempt
RuleID : 17257 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 17233 - Revision : 13 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_acroread-101007.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7165.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7181.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-7182.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201101-08.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-101007.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0743.nasl - Type : ACT_GATHER_INFO
2010-09-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8a34d9e6c66211dfb2e1001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0706.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Windows host contains a browser plug-in that is affected by a code...
File : flash_player_apsb10-22.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsa10-02.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsa10-02.nasl - Type : ACT_GATHER_INFO