CVE-2010-2883

HIGH KEV

Adobe Reader/Acrobat <9.4-8.2.5 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2010-2883 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022. EIP tracks 6 public exploits from researchers including Metasploit, avielzecharia, AmazingOut, including a Metasploit module exploits/windows/browser/adobe_cooltype_sing.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Adobe Reader's CoolType SING table handling (CVE-2010-2883) via a maliciously crafted PDF file. It uses ROP chains and heap spraying to bypass DEP and ASLR, achieving remote code execution.

Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16619

This Metasploit module exploits a stack buffer overflow in Adobe Reader's CoolType SING table handling (CVE-2010-2883) via a maliciously crafted PDF file. It uses ROP chains and heap spraying to bypass DEP and ASLR, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 8.2.4, 9.3.4, and prior versions
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16494

This Metasploit module exploits a stack buffer overflow in Adobe Reader's CoolType SING table handling (CVE-2010-2883) via a crafted PDF with embedded TTF font. It uses ROP chains and heap spraying to bypass DEP/ASLR and achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 8.2.4, 9.3.4 (and prior versions)
No auth needed
Prerequisites: Victim must open a malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by avielzecharia · poc
https://github.com/avielzecharia/CVE-2010-2883

This repository contains a functional Metasploit module exploiting CVE-2010-2883, a stack buffer overflow in Adobe Reader's CoolType SING table handling. The exploit uses ROP chains, heap spraying, and DEP bypass techniques to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader versions 8.2.4 and 9.3.4 (and likely prior versions)
No auth needed
Prerequisites: vulnerable Adobe Reader installation · user interaction to open malicious PDF
devstral-2 · analyzed Feb 27, 2026 Full analysis →
github STUB
by AmazingOut · cpoc
https://github.com/AmazingOut/CVE_POC/tree/main/CVE-2010-2883

The repository contains only a minimal README with a table listing CVE-2010-2883 details but no actual exploit code or technical analysis. It references Metasploit but provides no functional PoC or technical depth.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Windows XP SP3
No auth needed
devstral-2 · analyzed Feb 27, 2026 Full analysis →
metasploit WORKING POC GREAT
by Unknown, sn0wfl0w, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_cooltype_sing.rb

This Metasploit module exploits a stack buffer overflow in Adobe CoolType's SING table handling (CVE-2010-2883) via a crafted PDF with embedded TTF font. It uses ROP chains, heap spraying, and ret2lib to bypass DEP/ASLR and achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 8.2.4, 9.3.4, and prior versions
No auth needed
Prerequisites: Victim opens malicious PDF · Adobe Reader with vulnerable CoolType library
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GREAT
by Unknown, sn0wfl0w, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb

This Metasploit module exploits a stack buffer overflow in Adobe Reader's CoolType SING table handling (CVE-2010-2883) via a crafted PDF with embedded TTF font and JavaScript heap spray to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 8.2.4, 9.3.4, and prior versions
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0191
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43025
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0344
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201101-08.xml
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2331
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/491991
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0743.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41340
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43057
Broken Link vendor-advisory x_refsource_turbo
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt

Scores

CVSS v3 7.3
EPSS 0.9276
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2010-09-09
InTheWild.io 2018-10-30
ENISA EUVD EUVD-2010-2887
CWE
CWE-787
Status published
Products (2)
adobe/acrobat 8.0 - 8.2.5
adobe/acrobat_reader 8.0 - 8.2.5
Published Sep 09, 2010
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026