CVE-2010-2883

HIGH KEV

Adobe Reader/Acrobat <9.4-8.2.5 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Exploits (6)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16619

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16494

View Code ZIP pw:eip

nomisec WORKING POC

by avielzecharia · poc

https://github.com/avielzecharia/CVE-2010-2883

View Code ZIP pw:eip

github STUB

by AmazingOut · cpoc

https://github.com/AmazingOut/CVE_POC/tree/main/CVE-2010-2883

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Unknown, sn0wfl0w, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_cooltype_sing.rb

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Unknown, sn0wfl0w, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb

View Code ZIP pw:eip

References (20)

[Broken Link] http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html

[Broken Link] http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/41340

[Broken Link, Vendor Advisory] http://secunia.com/advisories/43025

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201101-08.xml

[Vendor Advisory] http://www.adobe.com/support/security/advisories/apsa10-02.html

[Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb10-21.html

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/491991

[Broken Link] http://www.redhat.com/support/errata/RHSA-2010-0743.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/43057

[Broken Link] http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-279A.html

[Broken Link, Vendor Advisory] http://www.vupen.com/english/advisories/2010/2331

[Broken Link, Vendor Advisory] http://www.vupen.com/english/advisories/2011/0191

[Broken Link, Vendor Advisory] http://www.vupen.com/english/advisories/2011/0344

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/61635

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2883

Scores

CVSS v3 7.3

EPSS 0.9319

EPSS Percentile 99.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2010-09-09

InTheWild.io 2018-10-30

ENISA EUVD EUVD-2010-2887

CWE

CWE-787

Status published

Products (2)

adobe/acrobat 8.0 - 8.2.5

adobe/acrobat_reader 8.0 - 8.2.5

Published Sep 09, 2010

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026