Multiple vulnerabilities in Adobe Reader and Acrobat



Published: 2010-04-13
Risk: Critical
Patch available: Yes
Number of vulnerabilities: 15
CVE-ID: CVE-2010-1241, CVE-2010-0204, CVE-2010-0203, CVE-2010-0202, CVE-2010-0201, CVE-2010-0199, CVE-2010-0198, CVE-2010-0197, CVE-2010-0196, CVE-2010-0195, CVE-2010-0194, CVE-2010-0193, CVE-2010-0192, CVE-2010-0191, CVE-2010-0190
CWE-ID: CWE-119, CWE-20, CWE-79
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Advisory

1) Heap-based buffer overflow

Risk: Critical

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-1241

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0204

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0203

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0202

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0201

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0199

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0198

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0197

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0196

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0195

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing fonts within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0194

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0193

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0192

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0191

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an input validation error when handling protocol URIs. A remote attacker can create a specially crafted shortcut, trick the victim into clicking it and execute arbitrary commands on the target system with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Cross-site scripting

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2010-0190

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can trick the victim into opening a specially crafted PDF file and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Mitigation

The vendor has issued the following versions to address this vulnerability: 9.3.2, 8.2.2

Vulnerable software versions

Adobe Acrobat: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

Adobe Reader: 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1

External links

http://www.adobe.com/support/security/bulletins/apsb10-09.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


