Adobe Acrobat And Reader 'printSeps()' Function Heap Corruption Vulnerability Network Vulnerability

Summary

This host is installed with Adobe Reader/Acrobat and is prone to heap corruption Vulnerability

Impact

Successful exploitation will let attackers to crash an affected application or compromise a vulnerable system by tricking a user into opening a specially crafted PDF file. Impact Level:Application

Solution

Upgrade to Adobe Reader/Acrobat version 9.4.1 or later For updates refer to http://www.adobe.com

Insight

This issue is caused by a heap corruption error in the 'EScript.api' plugin when processing the 'printSeps()' function within a PDF document.

Affected

Adobe Reader version 8.x to 8.1.7 and 9.x before 9.4.1 Adobe Acrobat version 8.x to 8.1.7 and 9.x before 9.4.1 on windows

References

http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://secunia.com/advisories/42095
http://www.exploit-db.com/exploits/15419/
http://www.vupen.com/english/advisories/2010/2890
http://xforce.iss.net/xforce/xfdb/62996

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4091

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)

Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability

Take action and discover your vulnerabilities