Summary
This host has Adobe Reader installed and is prone to a font parsing integer overflow vulnerability.
Impact
Successful exploitation results in memory corruption via a PDF file containing a specially crafted TrueType font.
Impact Level: Application
Solution
Upgrade to version 8.2.4 or 9.3.4 or later.
For updates, refer to http://www.adobe.com
Insight
The flaw is due to an integer overflow error in 'CoolType.dll' when parsing the 'maxCompositePoints' field value in the 'maxp' (Maximum Profile) table of a TrueType font.
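For triage of fonts extracted from PDF files, the following added example (not part of the original advisory, and not Adobe or scanner code) walks the sfnt table directory, bounds-checks the 'maxp' table and decodes 'maxCompositePoints'. The function names, the constructed sample font and the review limit of 10000 are assumptions; the advisory does not state a triggering value.

```python
import struct

class FontFormatError(ValueError):
    """The sfnt container or its 'maxp' table is malformed."""

MAXP_V1 = 0x00010000   # TrueType-outline 'maxp' layout, 32 bytes long
FIELDS = ("numGlyphs", "maxPoints", "maxContours",
          "maxCompositePoints", "maxCompositeContours")

def read_maxp(font: bytes) -> dict:
    """Find 'maxp' via the sfnt table directory and decode its first limits."""
    if len(font) < 12:
        raise FontFormatError("truncated sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if 12 + 16 * num_tables > len(font):
        raise FontFormatError("table directory runs past end of file")
    for i in range(num_tables):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if tag != b"maxp":
            continue
        # Version 1.0 tables are 32 bytes; shorter (e.g. CFF-style) ones are rejected.
        if length < 32 or off + length > len(font):
            raise FontFormatError("'maxp' table truncated or out of bounds")
        version, *values = struct.unpack_from(">I5H", font, off)
        if version != MAXP_V1:
            raise FontFormatError(f"unexpected 'maxp' version {version:#010x}")
        return dict(zip(FIELDS, values))
    raise FontFormatError("no 'maxp' table present")

def needs_review(font: bytes, composite_points_limit: int) -> bool:
    """True if the font is malformed or maxCompositePoints exceeds local policy."""
    try:
        return read_maxp(font)["maxCompositePoints"] > composite_points_limit
    except FontFormatError:
        return True

def build_sample(max_composite_points: int) -> bytes:
    """Constructed one-table font for demonstration; not a usable font file."""
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"maxp", 0, 28, 32)
    maxp = struct.pack(">I14H", MAXP_V1, 1, 64, 4, max_composite_points, *[0] * 10)
    return header + record + maxp

if __name__ == "__main__":
    for value in (120, 0xFFFF):   # constructed values; 10000 is an arbitrary policy limit
        font = build_sample(value)
        print(read_maxp(font), needs_review(font, composite_points_limit=10000))
```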
Affected
Adobe Reader versions 8.2.3 and 9.3.3
Severity
Classification
- CVE: CVE-2010-2862
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability