Main Vulnerability Database Vulnerabilities #VU6151

#VU6151 Arbitrary code execution in Adobe Acrobat and Adobe Reader - CVE-2010-0188

Published: March 22, 2017 / Updated: November 20, 2020

Vulnerability identifier: #VU6151

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2010-0188

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Adobe Acrobat
Adobe Reader

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper permissions control. A remote attacker can gain elevated privileges, cause the target application to crash or even execute arbitrary code.

Successful exploitation of this vulnerability may result in arbitrary code execution.

Remediation

Update Adobe Reader and Adobe Acrobat 8.x to version 8.2.1.
Update Adobe Reader and Adobe Acrobat 9.x to version 9.3.1.

External links

http://www.adobe.com/support/security/bulletins/apsb10-07.html