Vulnerability Name:

CVE-2010-2862 (CCN-60901)

Assigned:2010-08-04
Published:2010-08-04
Updated:2017-09-19
Summary:Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-2862

Source: CCN
Type: RHSA-2010-0636
Critical: acroread security update

Source: CCN
Type: SA40766
Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
40766

Source: CCN
Type: Independent Security Evaluators
Crash analysis with BitBlaze (page 51 - 58)

Source: MISC
Type: UNKNOWN
http://securityevaluators.com/files/papers/CrashAnalysis.pdf

Source: CCN
Type: Adobe Web site
Acrobat and Reader

Source: CCN
Type: Adobe Product Security Bulletin APSB10-17
Security Advisory for Adobe Reader and Acrobat

Source: CCN
Type: OSVDB ID: 66859
Adobe Reader / Acrobat CoolType.dll maxp Table maxComponentPoints Field Font Handling Overflow

Source: CCN
Type: BID-42203
Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability

Source: CCN
Type: BID-42238
Adobe Acrobat and Reader APSB10-17 Multiple Remote Vulnerabilities

Source: CERT
Type: US Government Resource
TA10-231A

Source: MISC
Type: UNKNOWN
http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/

Source: XF
Type: UNKNOWN
adobe-cooltype-overflow(60901)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11693

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-14-2010]

Source: SUSE
Type: SUSE-SA:2010:037
Acrobat Reader 9.3.4 update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:reader:9.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20102862
    V
    		CVE-2010-2862
    2015-11-16
    oval:org.mitre.oval:def:22927
    P
    		ELSA-2010:0636: acroread security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22354
    P
    		RHSA-2010:0636: acroread security update (Critical)
    2014-02-24
    oval:org.mitre.oval:def:11693
    V
    		Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3
    2013-08-12
    oval:com.redhat.rhsa:def:20100636
    P
    		RHSA-2010:0636: acroread security update (Critical)
    2010-08-20
    BACK
    adobe acrobat reader 8.2.3
    adobe acrobat reader 9.3.3
    adobe acrobat 9.3.3
    adobe reader 9.3.3
    adobe acrobat 9.3.3
    redhat rhel extras 4