CVE-2010-0188

HIGH KEV RANSOMWARE

Adobe Acrobat and Reader 8.x < 8.2.1 and 9.x < 9.3.1 - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2010-0188 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022, with confirmed use in ransomware campaigns. EIP tracks 5 public exploits from researchers including Metasploit, villy, and Microsoft, among them the Metasploit module exploits/windows/fileformat/adobe_libtiff.

Description

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · ios
https://www.exploit-db.com/exploits/21868

This exploit targets a buffer overflow in libtiff on Apple iOS MobileSafari (firmware versions 1.00, 1.01, 1.02, 1.1.1) by crafting a malicious TIFF file. It leverages heap manipulation and shellcode injection to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple iOS MobileSafari (libtiff) on firmware versions 1.00, 1.01, 1.02, 1.1.1
No auth needed
Prerequisites: Target device running vulnerable iOS firmware · Victim must open a malicious TIFF file in MobileSafari
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · ios
https://www.exploit-db.com/exploits/21869

This exploit targets a buffer overflow in libtiff on Apple iOS MobileMail (firmware versions 1.00, 1.01, 1.02, 1.1.1) via a maliciously crafted TIFF file sent as an email attachment. It leverages heap manipulation and shellcode execution to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple iOS MobileMail (libtiff) on firmware versions 1.00, 1.01, 1.02, 1.1.1
No auth needed
Prerequisites: Target device must be running vulnerable iOS firmware · Target must open the malicious email attachment
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16670

This exploit targets an integer overflow vulnerability in Adobe Reader and Acrobat (CVE-2010-0188) by crafting a malicious PDF file with embedded TIFF data. It leverages a DEP bypass via ret2lib using BIB.dll to execute arbitrary shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader 8.0-8.2, 9.0-9.3
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by villy · python · local · windows
https://www.exploit-db.com/exploits/11787

This exploit generates a malicious PDF file targeting CVE-2010-0188 (Adobe Acrobat Reader LibTiff Integer Overflow). It embeds a crafted TIFF image with shellcode to achieve remote code execution (calc.exe) when the PDF is opened.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Acrobat Reader <=8.3.0, <=9.3.0
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC GOOD
by Microsoft · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_libtiff.rb

This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Acrobat (CVE-2010-0188) by crafting a malicious PDF file with embedded TIFF data. It bypasses DEP using a ret2lib technique targeting BIB.dll to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader 8.0-8.2, 9.0-9.3; Adobe Acrobat Professional 8.0-8.2, 9.0-9.3
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0399
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56297
Broken Link, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0114.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
Broken Link, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb10-07.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38639
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38195
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023601
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38915

Scores

CVSS v3 7.8
EPSS 0.9355
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2010-05-01
InTheWild.io 2022-03-03
ENISA EUVD EUVD-2010-0219
Ransomware Use Confirmed
Status published
Products (2)
adobe/acrobat 8.0 - 8.2.1
adobe/acrobat_reader 8.0 - 8.2.1
Published Feb 22, 2010
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026