CVE-2010-4091

Adobe Reader and Acrobat - Remote Code Execution via Crafted PDF Document

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4091. PoCs published by scup.

AI-analyzed exploit summary This exploit targets a vulnerability in Adobe Reader 9.4 and earlier, leveraging a crafted PDF file to achieve remote code execution. The exploit is delivered as a binary file (xpl_pdf.bin) designed to trigger the vulnerability when opened.

Description

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by scup · textdoswindows
https://www.exploit-db.com/exploits/15419

This exploit targets a vulnerability in Adobe Reader 9.4 and earlier, leveraging a crafted PDF file to achieve remote code execution. The exploit is delivered as a binary file (xpl_pdf.bin) designed to trigger the vulnerability when opened.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader <= 9.4
No auth needed
Prerequisites: Victim must open the malicious PDF file
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15419
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42095
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69005
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0191
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43025
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3111
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2890
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201101-08.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44638
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0934.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0337
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025033
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42401
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024684
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb10-28.html

Scores

EPSS 0.1852
EPSS Percentile 96.9%

Details

CWE
CWE-119
Status published
Products (50)
adobe/acrobat 8.0
adobe/acrobat 8.1
adobe/acrobat 8.1.1
adobe/acrobat 8.1.2
adobe/acrobat 8.1.3
adobe/acrobat 8.1.4
adobe/acrobat 8.1.5
adobe/acrobat 8.1.6
adobe/acrobat 8.1.7
adobe/acrobat 8.2
... and 40 more
Published Nov 07, 2010
Tracked Since Feb 18, 2026