Summary
This host has Adobe Reader installed, which is prone to a font parsing integer overflow vulnerability.
Impact
Successful exploitation results in memory corruption via a PDF file containing a specially crafted TrueType font.
Impact Level: Application
Solution
Upgrade to version 8.2.4 or 9.3.4 or later.
For updates refer to http://www.adobe.com
Insight
The flaw is due to an integer overflow error in 'CoolType.dll' when parsing the 'maxCompositePoints' field value in the 'maxp' (Maximum Profile) table of a TrueType font.
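The field named above can be read out of a font during triage. The following is an added example, not part of the original advisory or Adobe's code: a bounds-checked Python reader for the 'maxp' table of an sfnt font. `REVIEW_LIMIT`, `needs_review` and `sample_font` are hypothetical names, and the limit is an assumed site-chosen triage value, not a condition stated in the advisory.

```python
import struct

MAXP_V1 = 0x00010000   # version 1.0 'maxp' (TrueType outlines), 32 bytes long
REVIEW_LIMIT = 0x4000  # assumed triage limit, not a value from the advisory

class FontError(ValueError):
    """The sfnt container or its 'maxp' table is malformed."""

def read_maxp(font: bytes) -> dict:
    """Bounds-checked read of the 'maxp' fields from a TrueType (sfnt) font."""
    if len(font) < 12:
        raise FontError("truncated offset table")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if 12 + 16 * num_tables > len(font):
        raise FontError("table directory runs past end of file")
    for i in range(num_tables):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if tag != b"maxp":
            continue
        # Python integers do not wrap, so off + length cannot overflow here.
        if length < 32 or off + length > len(font):
            raise FontError("maxp table too short or out of bounds")
        names = ("version", "numGlyphs", "maxPoints", "maxContours",
                 "maxCompositePoints", "maxCompositeContours")
        fields = dict(zip(names, struct.unpack_from(">I5H", font, off)))
        if fields["version"] != MAXP_V1:
            raise FontError("maxp is not version 1.0")
        return fields
    raise FontError("no maxp table")

def needs_review(font: bytes, limit: int = REVIEW_LIMIT) -> bool:
    """True when the font is malformed or maxCompositePoints exceeds the limit."""
    try:
        return read_maxp(font)["maxCompositePoints"] > limit
    except FontError:
        return True

def sample_font(max_composite_points: int) -> bytes:
    """Constructed test input: an sfnt holding only a 'maxp' table."""
    maxp = struct.pack(">I14H", MAXP_V1, 3, 64, 4, max_composite_points, 2,
                       *([0] * 9))
    header = struct.pack(">IHHHH", MAXP_V1, 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"maxp", 0, 12 + 16, len(maxp))
    return header + record + maxp
```

Fonts that fail to parse are routed to review as well, since a malformed table directory is itself worth a second look.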
Affected
Adobe Reader versions 8.2.3 and 9.3.3
References
Severity
Classification
- CVE: CVE-2010-2862
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C