Multiple vulnerabilities in Adobe Reader and Acrobat



| Updated: 2017-03-24
Risk High
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2010-3657
CVE-2010-3656
CVE-2010-3658
CVE-2010-3632
CVE-2010-3631
CVE-2010-3630
CVE-2010-3629
CVE-2010-3628
CVE-2010-3627
CVE-2010-3626
CVE-2010-3625
CVE-2010-3624
CVE-2010-3623
CVE-2010-3622
CVE-2010-3621
CVE-2010-3620
CVE-2010-3619
CVE-2010-2890
CVE-2010-2889
CVE-2010-2888
CVE-2010-2887
CVE-2010-2884
CWE-ID CWE-20
CWE-119
CWE-129
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerability #16 is being exploited in the wild.
Vulnerability #17 is being exploited in the wild.
Vulnerability #22 is being exploited in the wild.
Vulnerable software
Adobe Reader
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU3509

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3657

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.


Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU3508

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3656

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.


Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU3507

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3658

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU3506

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3632

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper validation of array index

EUVDB-ID: #VU3505

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2010-3631

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of array index when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Memory corruption

EUVDB-ID: #VU3504

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3630

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and cause denial of service or execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU3503

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3629

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU3502

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3628

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory corruption

EUVDB-ID: #VU3501

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3627

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU3500

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3626

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing fonts within PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU3498

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3625

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF protocol handlers. A remote attacker can create a specially crafted URI, trick the victim into clicking on it and execute arbitrary commands on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory corruption

EUVDB-ID: #VU3497

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3624

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory corruption

EUVDB-ID: #VU3496

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3623

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory corruption

EUVDB-ID: #VU3495

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory corruption

EUVDB-ID: #VU3494

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-3621

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory corruption

EUVDB-ID: #VU3493

Risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2010-3620

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

17) Memory corruption

EUVDB-ID: #VU3492

Risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2010-3619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

18) Memory corruption

EUVDB-ID: #VU3491

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory corruption

EUVDB-ID: #VU3490

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2889

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing fonts within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU3489

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2888

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within ActiveX component when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Privilege escalation in Linux version

EUVDB-ID: #VU3488

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2887

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due unknown error. A local user can escalate privileges on vulnerable Linux system.

Mitigation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

Vulnerable software versions

Adobe Reader: 8.1.1 - 9.3.4

Adobe Acrobat: 8.1.1 - 9.3.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory corruption

EUVDB-ID: #VU3487

Risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2010-2884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Update Adobe Reader and Acrobat 8.x to version 8.2.5. Update Adobe Reader and Acrobat 9.x to version 9.4.

Vulnerable software versions

Adobe Acrobat: 8.0 - 9.4

Adobe Reader: 8.0 - 9.4

CPE2.3 External links

http://www.adobe.com/support/security/bulletins/apsb10-22.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###