CVE-2010-2862 Information

Description

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3 and Acrobat 9.3.3 allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

Reference

http://secunia.com/advisories/40766 http://securityevaluators.com/files/papers/CrashAnalysis.pdf http://www.us-cert.gov/cas/techalerts/TA10-231A.html http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/ https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11693