Summary
This host has Adobe products installed that are prone to a font parsing integer overflow vulnerability.
Impact
Successful exploitation results in memory corruption via a PDF file containing a specially crafted TrueType font.
Impact Level: Application
Solution
Upgrade to version 8.2.4 or 9.3.4 or later.
For updates, refer to http://www.adobe.com
Insight
The flaw is due to an integer overflow error in 'CoolType.dll' when parsing the 'maxCompositePoints' field value in the 'maxp' (Maximum Profile) table of a TrueType font.
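When triaging fonts extracted from PDF files, the field named above can be read straight from the font's 'maxp' table. The Python below is an added example, not part of the original advisory or of any Adobe code; the function names and the constructed sample font are assumptions for illustration, and because the advisory states no triggering value, the code only reports the field with bounds checks.

```python
import struct

class FontParseError(ValueError):
    """Raised when the sfnt container or 'maxp' table is malformed."""

def find_table(font: bytes, tag: bytes):
    """Return (offset, length) of an sfnt table, or None if it is absent."""
    if len(font) < 12:
        raise FontParseError("truncated sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if 12 + 16 * num_tables > len(font):
        raise FontParseError("table directory runs past end of file")
    for i in range(num_tables):
        # Table record: tag, checksum, offset, length (16 bytes, big-endian).
        rec_tag, _csum, offset, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if rec_tag == tag:
            if offset + length > len(font):
                raise FontParseError("table extends past end of file")
            return offset, length
    return None

def max_composite_points(font: bytes):
    """Return maxCompositePoints, or None for a version 0.5 'maxp' table."""
    loc = find_table(font, b"maxp")
    if loc is None:
        raise FontParseError("no 'maxp' table")
    offset, length = loc
    if length < 6:
        raise FontParseError("'maxp' table too short")
    version = struct.unpack_from(">I", font, offset)[0]
    if version == 0x00005000:      # version 0.5 carries only numGlyphs
        return None
    if version != 0x00010000 or length < 32:
        raise FontParseError("unexpected 'maxp' version or length")
    # Layout: version(4) numGlyphs(2) maxPoints(2) maxContours(2) maxCompositePoints(2) ...
    return struct.unpack_from(">H", font, offset + 10)[0]

def build_sample(value: int, version: int = 0x00010000) -> bytes:
    """Constructed one-table font for testing; not a usable font file."""
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    if version == 0x00005000:
        maxp = struct.pack(">IH", version, 1)
    else:
        maxp = struct.pack(">IH13H", version, 1, 0, 0, value, *([0] * 10))
    record = struct.pack(">4sIII", b"maxp", 0, 28, len(maxp))
    return header + record + maxp

if __name__ == "__main__":
    print(max_composite_points(build_sample(0xFFFF)))
```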
Affected
Adobe Reader version 8.2.3 and 9.3.3
Adobe Acrobat version 9.3.3 on Windows.
References
Severity
Classification
CVE: CVE-2010-2862
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities June-2012 (Windows)