Adobe Acrobat And Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Adobe Reader and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will let attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document. Impact Level: Application

Solution

Upgrade to Adobe Reader version 9.4, For updates refer to http://www.adobe.com

Insight

The flaw is due to a boundary error within 'CoolType.dll' when processing the 'uniqueName' entry of SING tables in fonts.

Affected

Adobe Reader version 9.3.4 and prior.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://secunia.com/advisories/41340
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.osvdb.com/67849

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2883
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Becky! Internet Mail Buffer Overflow Vulnerability
BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability
ALLMediaServer Request Handling Buffer Overflow Vulnerability

Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)

Take action and discover your vulnerabilities