CVE-2010-2883 Information

Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4 and 8.x before 8.2.5 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third-party information.

Reference

http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/41340
http://secunia.com/advisories/43025
http://security.gentoo.org/glsa/glsa-201101-08.xml
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.kb.cert.org/vuls/id/491991
http://www.redhat.com/support/errata/RHSA-2010-0743.html
http://www.securityfocus.com/bid/43057
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
http://www.vupen.com/english/advisories/2010/2331
http://www.vupen.com/english/advisories/2011/0191
http://www.vupen.com/english/advisories/2011/0344
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
