Risk | High |
Patch available | YES |
Number of vulnerabilities | 22 |
CVE-ID | CVE-2010-3657 CVE-2010-3656 CVE-2010-3658 CVE-2010-3632 CVE-2010-3631 CVE-2010-3630 CVE-2010-3629 CVE-2010-3628 CVE-2010-3627 CVE-2010-3626 CVE-2010-3625 CVE-2010-3624 CVE-2010-3623 CVE-2010-3622 CVE-2010-3621 CVE-2010-3620 CVE-2010-3619 CVE-2010-2890 CVE-2010-2889 CVE-2010-2888 CVE-2010-2887 CVE-2010-2884 |
CWE-ID | CWE-20 CWE-119 CWE-129 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #5 is available. Vulnerability #16 is being exploited in the wild. Vulnerability #17 is being exploited in the wild. Vulnerability #22 is being exploited in the wild. |
Vulnerable software |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications |
Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
EUVDB-ID: #VU3509
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3657
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.
Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3508
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3656
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.
Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3507
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3658
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3506
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3632
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3505
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2010-3631
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of array index when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU3504
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3630
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and cause denial of service or execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3503
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3629
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3502
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3628
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3501
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3627
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3500
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3626
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when parsing fonts within PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3498
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3625
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF protocol handlers. A remote attacker can create a specially crafted URI, trick the victim into clicking on it and execute arbitrary commands on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3497
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3624
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing images within PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3496
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3623
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3495
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3494
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-3621
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3493
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2010-3620
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing images within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU3492
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2010-3619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU3491
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-2890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3490
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-2889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when parsing fonts within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3489
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-2888
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ActiveX component when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3488
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-2887
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due unknown error. A local user can escalate privileges on vulnerable Linux system.
MitigationInstall the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.
Adobe Reader: 8.1.1 - 9.3.4
Adobe Acrobat: 8.1.1 - 9.3.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-21.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3487
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2010-2884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationUpdate Adobe Reader and Acrobat 8.x to version 8.2.5. Update Adobe Reader and Acrobat 9.x to version 9.4.
Vulnerable software versionsAdobe Acrobat: 8.0 - 9.4
Adobe Reader: 8.0 - 9.4
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.