Adobe Acrobat And Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Adobe Reader/Acrobat and is prone to buffer overflow vulnerability

Impact

Successful exploitation will let attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document. Impact Level: Application

Solution

Upgrade to Adobe Reader/Adobe Acrobat version 9.4 or later. For updates refer http://www.adobe.com/downloads/

Insight

The flaw is due to a boundary error within 'CoolType.dll' when processing the 'uniqueName' entry of SING tables in fonts.

Affected

Adobe Reader version 9.3.4 and prior. Adobe Acrobat version 9.3.4 and prior on windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://secunia.com/advisories/41340
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.osvdb.com/67849

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2883
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
CA ARCserve Backup Multiple Bufffer Overflow Vulnerabilities
CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability

Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)

Take action and discover your vulnerabilities