Multiple vulnerabilities in Adobe Reader and Acrobat

Published: 2010-10-05 19:39:48 | Updated: 2017-03-24
Severity High
Patch available YES
Number of vulnerabilities 22
CVE ID CVE-2010-3657
CVE-2010-3656
CVE-2010-3658
CVE-2010-3632
CVE-2010-3631
CVE-2010-3630
CVE-2010-3629
CVE-2010-3628
CVE-2010-3627
CVE-2010-3626
CVE-2010-3625
CVE-2010-3624
CVE-2010-3623
CVE-2010-3622
CVE-2010-3621
CVE-2010-3620
CVE-2010-3619
CVE-2010-2890
CVE-2010-2889
CVE-2010-2888
CVE-2010-2887
CVE-2010-2884
CVSSv3 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-119
CWE-129
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerable software Adobe Reader
Adobe Acrobat
Vulnerable software versions Adobe Reader 8.2.4
Adobe Reader 8.2.3
Adobe Reader 8.2.2

Show more

Adobe Acrobat 8.2.4
Adobe Acrobat 8.2.3
Adobe Acrobat 8.2.2

Show more

Vendor URL Adobe

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.


Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

2) Improper input validation

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to improper input validation error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and trigger application crash.


Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

3) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

4) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

5) Improper validation of array index

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of array index when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

6) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and cause denial of service or execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

7) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

8) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

9) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

10) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing fonts within PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

11) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF protocol handlers. A remote attacker can create a specially crafted URI, trick the victim into clicking on it and execute arbitrary commands on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

12) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

13) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files on Macintosh platforms. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

14) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

15) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

16) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing images within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

17) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

18) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

19) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing fonts within PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

20) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within ActiveX component when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it in Internet Explorer, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

21) Privilege escalation in Linux version

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due unknown error. A local user can escalate privileges on vulnerable Linux system.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in Adobe Reader and Acrobat 9.4 and 8.2.5.

External links

http://www.adobe.com/support/security/bulletins/apsb10-21.html

22) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Update Adobe Reader and Acrobat 8.x to version 8.2.5. Update Adobe Reader and Acrobat 9.x to version 9.4.

External links

http://www.adobe.com/support/security/bulletins/apsb10-22.html

Back to List