Adobe Reader Font Parsing Integer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Adobe Reader and are prone to font parsing integer overflow vulnerability.

Impact

Successful exploitation results in memory corruption via a PDF file containing a specially crafted TrueType font. Impact Level: Application

Solution

Upgrade to version 8.2.4 or 9.3.4 or later, For updates refer to http://www.adobe.com

Insight

The flaw is due to an integer overflow error in 'CoolType.dll' when parsing the 'maxCompositePoints' field value in the 'maxp' (Maximum Profile) table of a TrueType font.

Affected

Adobe Reader version 8.2.3 and 9.3.3

References

http://secunia.com/advisories/40766
http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2862
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)

Take action and discover your vulnerabilities