CVE-2010-2862

2010-08-0518:17:58

CWE-189

adobe

web.nvd.nist.gov

110

cve-2010-2862

adobe reader

integer overflow

cooltype.dll

truetype font

arbitrary code

remote execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.91

Percentile

98.9%

JSON

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

Affected configurations

Nvd

Node

adobeacrobat_readerMatch8.2.3

adobeacrobat_readerMatch9.3.3

Node

adobeacrobatMatch9.3.3

VendorProductVersionCPE
adobeacrobat_reader8.2.3cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
adobeacrobat_reader9.3.3cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
adobeacrobat9.3.3cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	acrobat_reader	8.2.3	cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::*
adobe	acrobat_reader	9.3.3	cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::*
adobe	acrobat	9.3.3	cpe:2.3:a:adobe:acrobat:9.3.3:::::::*