Vulnerability Name:

CVE-2010-1241 (CCN-57712)

Assigned:2010-03-23
Published:2010-03-23
Updated:2017-09-19
Summary:Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MISC
Type: Exploit
http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/

Source: MITRE
Type: CNA
CVE-2010-1241

Source: MLIST
Type: UNKNOWN
[dailydave] 20100401 0day, it may not be

Source: CCN
Type: RHSA-2010-0349
Critical: acroread security update

Source: CCN
Type: SA39272
Adobe Reader / Acrobat Multiple Vulnerabilities

Source: CCN
Type: Adobe Product Security Bulletin APSB10-09
Security update available for Adobe Reader and Acrobat

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb10-09.html

Source: MISC
Type: UNKNOWN
http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li

Source: CCN
Type: GLSA-201009-05
Adobe Reader: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 63618
Adobe Reader Custom Heap Management System CFF Encoding Handling Memory Corruption

Source: BID
Type: UNKNOWN
39227

Source: CCN
Type: BID-39227
Adobe Reader CVE-2010-0200 Remote Code Execution Vulnerability

Source: BID
Type: UNKNOWN
39329

Source: CCN
Type: BID-39329
RETIRED: Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities

Source: CCN
Type: BID-39470
Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA10-103C

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0873

Source: MISC
Type: UNKNOWN
http://www.youtube.com/watch?v=9EVHtY1-0q8

Source: XF
Type: UNKNOWN
reader-customheap-code-execution(57589)

Source: XF
Type: UNKNOWN
adobe-cooltype-bo(57712)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6940

Source: SUSE
Type: SUSE-SA:2010:022
Acrobat Reader 9.3.2 update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20101241
    V
    		CVE-2010-1241
    2015-11-16
    oval:org.mitre.oval:def:22734
    P
    		ELSA-2010:0349: acroread security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22063
    P
    		RHSA-2010:0349: acroread security update (Critical)
    2014-02-24
    oval:org.mitre.oval:def:6940
    V
    		Adobe Reader and Acrobat Heap-based Overflow Vulnerability
    2013-08-12
    oval:com.redhat.rhsa:def:20100349
    P
    		RHSA-2010:0349: acroread security update (Critical)
    2010-04-14
    BACK
    adobe acrobat reader 8.0
    adobe acrobat reader 8.1
    adobe acrobat reader 8.1.1
    adobe acrobat reader 8.1.2
    adobe acrobat reader 8.1.4
    adobe acrobat reader 8.1.5
    adobe acrobat reader 8.1.6
    adobe acrobat reader 8.1.7
    adobe acrobat reader 8.2
    adobe acrobat reader 8.2.1
    adobe acrobat reader 9.0
    adobe acrobat reader 9.1
    adobe acrobat reader 9.1.1
    adobe acrobat reader 9.1.2
    adobe acrobat reader 9.1.3
    adobe acrobat reader 9.2
    adobe acrobat reader 9.3
    adobe acrobat reader 9.3.1
    apple mac os x *
    microsoft windows *
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.10
    adobe acrobat 5.0.5
    adobe acrobat 5.0.6
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat 6.0.4
    adobe acrobat 6.0.5
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 8.1
    adobe acrobat 8.1.1
    adobe acrobat 9
    adobe acrobat 8.1.2
    adobe reader 7.0.1
    adobe reader 7.0.2
    adobe reader 7.0.3
    adobe reader 7.0.5
    adobe reader 7.0.7
    adobe reader 7.0.8
    adobe reader 7.0.9
    adobe reader 8.1.1
    adobe reader 9.0
    adobe reader 7.1.0
    adobe reader 8.1.2
    adobe reader 7.1.1
    adobe reader 8.1.4
    adobe reader 9.1
    adobe acrobat 9.1
    adobe acrobat 9.1.1
    adobe acrobat 9.0.0
    adobe acrobat 8.1.3
    adobe acrobat 8.1.4
    adobe acrobat 9.1.2
    adobe reader 9.1.2
    adobe acrobat 9.1.3
    adobe acrobat 7.1.3
    adobe acrobat 8.1.6
    adobe reader 3.0
    adobe reader 4.0
    adobe reader 4.0.5
    adobe reader 4.0.5a
    adobe reader 4.0.5c
    adobe reader 4.5
    adobe reader 5.0
    adobe reader 5.0.10
    adobe reader 5.0.11
    adobe reader 5.0.5
    adobe reader 6.0
    adobe reader 5.1
    adobe reader 5.0.9
    adobe reader 5.0.7
    adobe reader 5.0.6
    adobe reader 6.0.5
    adobe reader 6.0.4
    adobe reader 6.0.3
    adobe reader 6.0.2
    adobe reader 6.0.1
    adobe reader 7.1.3
    adobe reader 9.1.3
    adobe reader 8.1.6
    gentoo linux *
    redhat rhel extras 4
    novell opensuse 11.0