Vulnerability-Lookup

CVE-2010-2862 (GCVE-0-2010-2862)

Vulnerability from cvelistv5 – Published: 2010-08-05 18:00 – Updated: 2024-08-07 02:46

Summary

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://secunia.com/advisories/40766	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA10-231A.html	third-party-advisoryx_refsource_CERT
	http://securityevaluators.com/files/papers/CrashA…	x_refsource_MISC
	http://www.zdnet.co.uk/news/security-threats/2010…	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40766"
          },
          {
            "name": "TA10-231A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
          },
          {
            "name": "oval:org.mitre.oval:def:11693",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "40766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40766"
        },
        {
          "name": "TA10-231A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
        },
        {
          "name": "oval:org.mitre.oval:def:11693",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-2862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40766"
            },
            {
              "name": "TA10-231A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
            },
            {
              "name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
              "refsource": "MISC",
              "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
            },
            {
              "name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
              "refsource": "MISC",
              "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
            },
            {
              "name": "oval:org.mitre.oval:def:11693",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-2862",
    "datePublished": "2010-08-05T18:00:00",
    "dateReserved": "2010-07-27T00:00:00",
    "dateUpdated": "2024-08-07T02:46:48.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2862\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-08-05T18:17:58.087\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en CoolType.dll de Adobe Reader v8.2.3 y v9.3.3, y Acrobat v9.3.3, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de fuentes TrueType con un valor maxCompositePoints grande en una tabla Maximum Profile (maxp).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32D68D5-6A79-454B-B14F-9BC865413E3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2EEB6-D5EC-430F-962A-1279C9970441\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB9BBDE-634A-47CF-BA49-67382B547900\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/40766\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityevaluators.com/files/papers/CrashAnalysis.pdf\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-231A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/40766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityevaluators.com/files/papers/CrashAnalysis.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-231A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2010-ALE-012

Vulnerability from certfr_alerte - Published: 2010-08-06 - Updated: 2010-08-20

Mise à jour : l'éditeur a publié un correctif le 19 août 2010.

Une vulnérabilité affecte Adobe Reader et Adobe Acrobat. Elle permet l'exécution de code arbitraire à distance.

Description

Une vulnérabilité dans le module de traitement des polices de caractères d'Adobe Reader et d'Adobe Acrobat permet l'exécution de code arbitraire à distance.

Contournement provisoire

L'éditeur annonce un correctif pour le 19 août 2010.

En attendant, le CERTA recommande d'utiliser des logiciels alternatifs à jour.

Pour mémoire, plusieurs bonnes pratiques peuvent aider à protéger les utilisateurs :

s'assurer que les greffons de navigateur permettant d'ouvrir les fichiers PDF n'utilisent pas les logiciels faisant l'objet de cette alerte ;
désactiver l'interprétation du JavaScript ;
utiliser un compte avec des droits limités ;
de convertir les fichiers suspects au format Postscript puis de nouveau au format PDF sur une machine sas ;
de n'ouvrir que des fichiers provenant de sources vérifiées et sûres.

Ces mesures ne sont pas des garanties de protection contre cette vulnérabilité mais peuvent en limiter les impacts.

Solution

La version 9.3.4 d'Adobe Reader et Acrobat, ainsi que la version 8.2.4 d'Adobe Reader remédient à cette vulnérabilité.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Reader et Adobe Acrobat, versions 9.3.3 et antérieures, pour toutes les plateformes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-17 du 19 août 2010	None	vendor-advisory
Avis CERTA-2010-AVI-394 du 20 août 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Reader et Adobe Acrobat, versions  9.3.3 et ant\u00e9rieures, pour toutes les plateformes.\u003c/p\u003e",
  "closed_at": "2010-08-20",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le module de traitement des polices de caract\u00e8res\nd\u0027Adobe Reader et d\u0027Adobe Acrobat permet l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Contournement provisoire\n\nL\u0027\u00e9diteur annonce un correctif pour le 19 ao\u00fbt 2010.\n\nEn attendant, le CERTA recommande d\u0027utiliser des logiciels alternatifs \u00e0\njour.\n\n  \n  \n\nPour m\u00e9moire, plusieurs bonnes pratiques peuvent aider \u00e0 prot\u00e9ger les\nutilisateurs :\n\n-   s\u0027assurer que les greffons de navigateur permettant d\u0027ouvrir les\n    fichiers PDF n\u0027utilisent pas les logiciels faisant l\u0027objet de cette\n    alerte ;\n-   d\u00e9sactiver l\u0027interpr\u00e9tation du JavaScript ;\n-   utiliser un compte avec des droits limit\u00e9s ;\n-   de convertir les fichiers suspects au format Postscript puis de\n    nouveau au format PDF sur une machine sas ;\n-   de n\u0027ouvrir que des fichiers provenant de sources v\u00e9rifi\u00e9es et\n    s\u00fbres.\n\nCes mesures ne sont pas des garanties de protection contre cette\nvuln\u00e9rabilit\u00e9 mais peuvent en limiter les impacts.\n\n## Solution\n\nLa version 9.3.4 d\u0027Adobe Reader et Acrobat, ainsi que la version 8.2.4\nd\u0027Adobe Reader rem\u00e9dient \u00e0 cette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
    }
  ],
  "initial_release_date": "2010-08-06T00:00:00",
  "last_revision_date": "2010-08-20T00:00:00",
  "links": [
    {
      "title": "Avis CERTA-2010-AVI-394 du 20 ao\u00fbt 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-394/"
    }
  ],
  "reference": "CERTA-2010-ALE-012",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-06T00:00:00.000000"
    },
    {
      "description": "publication du correctif.",
      "revision_date": "2010-08-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Mise \u00e0 jour : l\u0027\u00e9diteur a publi\u00e9 un correctif le 19 ao\u00fbt 2010.\n\nUne vuln\u00e9rabilit\u00e9 affecte Adobe Reader et Adobe Acrobat. Elle permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Reader et Adobe Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-17 du 19 ao\u00fbt 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
    }
  ]
}

GHSA-GHWM-GWR7-M4M2

Vulnerability from github – Published: 2022-05-17 01:04 – Updated: 2025-04-11 03:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2862"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-05T18:17:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
  "id": "GHSA-ghwm-gwr7-m4m2",
  "modified": "2025-04-11T03:37:56Z",
  "published": "2022-05-17T01:04:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40766"
    },
    {
      "type": "WEB",
      "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-394

Vulnerability from certfr_avis - Published: 2010-08-20 - Updated: 2010-08-20

Une vulnérabilité affecte Adobe Reader et Adobe Acrobat. Elle permet l'exécution de code arbitraire à distance.

Description

Une vulnérabilité dans le module de traitement des polices de caractères d'Adobe Reader et d'Adobe Acrobat permet l'exécution de code arbitraire à distance.

Solution

La version 9.3.4 d'Adobe Reader et Acrobat, ainsi que la version 8.2.4 d'Adobe Reader remédient à cette vulnérabilité.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Reader et Adobe Acrobat, versions 9.3.3 et antérieures, pour toutes les plateformes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-17 du 19 août 2010	None	vendor-advisory
Alerte CERTA-2010-ALE-012 du 20 août 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Reader et Adobe Acrobat, versions  9.3.3 et ant\u00e9rieures, pour toutes les plateformes.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le module de traitement des polices de caract\u00e8res\nd\u0027Adobe Reader et d\u0027Adobe Acrobat permet l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Solution\n\nLa version 9.3.4 d\u0027Adobe Reader et Acrobat, ainsi que la version 8.2.4\nd\u0027Adobe Reader rem\u00e9dient \u00e0 cette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
    }
  ],
  "initial_release_date": "2010-08-20T00:00:00",
  "last_revision_date": "2010-08-20T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2010-ALE-012 du 20 ao\u00fbt 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-012/"
    }
  ],
  "reference": "CERTA-2010-AVI-394",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affecte Adobe Reader et Adobe Acrobat. Elle permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Acrobat et Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-17 du 19 ao\u00fbt 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
    }
  ]
}

GSD-2010-2862

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2862

Aliases

CVE-2010-2862

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2862",
    "description": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
    "id": "GSD-2010-2862",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2862.html",
      "https://access.redhat.com/errata/RHSA-2010:0636"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2862"
      ],
      "details": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
      "id": "GSD-2010-2862",
      "modified": "2023-12-13T01:21:30.933391Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-2862",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "40766",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40766"
          },
          {
            "name": "TA10-231A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
          },
          {
            "name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
            "refsource": "MISC",
            "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
          },
          {
            "name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
            "refsource": "MISC",
            "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
          },
          {
            "name": "oval:org.mitre.oval:def:11693",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-2862"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40766",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40766"
            },
            {
              "name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
            },
            {
              "name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
            },
            {
              "name": "TA10-231A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11693",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:31Z",
      "publishedDate": "2010-08-05T18:17Z"
    }
  }
}

RHSA-2010:0636

Vulnerability from csaf_redhat - Published: 2010-08-20 11:40 - Updated: 2026-01-08 09:24

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes a vulnerability in Adobe Reader. This vulnerability is detailed on the Adobe security page APSB10-17, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-2862) Multiple security flaws were found in Adobe Flash Player embedded in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-16, listed in the References section. A PDF file with embedded specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.3.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes a vulnerability in Adobe Reader. This vulnerability is\ndetailed on the Adobe security page APSB10-17, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-2862)\n\nMultiple security flaws were found in Adobe Flash Player embedded in Adobe\nReader. These vulnerabilities are detailed on the Adobe security page\nAPSB10-16, listed in the References section. A PDF file with embedded\nspecially-crafted SWF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,\nCVE-2010-2216)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0636",
        "url": "https://access.redhat.com/errata/RHSA-2010:0636"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb10-17.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
      },
      {
        "category": "external",
        "summary": "621687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
      },
      {
        "category": "external",
        "summary": "622947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
      },
      {
        "category": "external",
        "summary": "624838",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624838"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0636.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2026-01-08T09:24:02+00:00",
      "generator": {
        "date": "2026-01-08T09:24:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.14"
        }
      },
      "id": "RHSA-2010:0636",
      "initial_release_date": "2010-08-20T11:40:00+00:00",
      "revision_history": [
        {
          "date": "2010-08-20T11:40:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-08-20T08:09:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-08T09:24:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:9.3.4-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:9.3.4-1.el4.i386",
                  "product_id": "acroread-plugin-0:9.3.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:9.3.4-1.el4.i386",
                "product": {
                  "name": "acroread-0:9.3.4-1.el4.i386",
                  "product_id": "acroread-0:9.3.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@9.3.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:9.3.4-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:9.3.4-1.el5.i386",
                  "product_id": "acroread-plugin-0:9.3.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:9.3.4-1.el5.i386",
                "product": {
                  "name": "acroread-0:9.3.4-1.el5.i386",
                  "product_id": "acroread-0:9.3.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@9.3.4-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386"
        },
        "product_reference": "acroread-0:9.3.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-0209",
      "discovery_date": "2010-08-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "622947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple security flaws (APSB10-16)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0209"
        },
        {
          "category": "external",
          "summary": "RHBZ#622947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209"
        }
      ],
      "release_date": "2010-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple security flaws (APSB10-16)"
    },
    {
      "cve": "CVE-2010-2213",
      "discovery_date": "2010-08-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "622947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple security flaws (APSB10-16)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2213"
        },
        {
          "category": "external",
          "summary": "RHBZ#622947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213"
        }
      ],
      "release_date": "2010-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple security flaws (APSB10-16)"
    },
    {
      "cve": "CVE-2010-2214",
      "discovery_date": "2010-08-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "622947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple security flaws (APSB10-16)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2214"
        },
        {
          "category": "external",
          "summary": "RHBZ#622947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214"
        }
      ],
      "release_date": "2010-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple security flaws (APSB10-16)"
    },
    {
      "cve": "CVE-2010-2215",
      "discovery_date": "2010-08-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "622947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"click-jacking\" issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple security flaws (APSB10-16)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2215"
        },
        {
          "category": "external",
          "summary": "RHBZ#622947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215"
        }
      ],
      "release_date": "2010-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple security flaws (APSB10-16)"
    },
    {
      "cve": "CVE-2010-2216",
      "discovery_date": "2010-08-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "622947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple security flaws (APSB10-16)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2216"
        },
        {
          "category": "external",
          "summary": "RHBZ#622947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216"
        }
      ],
      "release_date": "2010-08-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple security flaws (APSB10-16)"
    },
    {
      "cve": "CVE-2010-2862",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2010-08-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "621687"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: integer overflow flaw allows remote arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2862"
        },
        {
          "category": "external",
          "summary": "RHBZ#621687",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
        }
      ],
      "release_date": "2010-08-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-20T11:40:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0636"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-0:9.3.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-0:9.3.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: integer overflow flaw allows remote arbitrary code execution"
    }
  ]
}

FKIE_CVE-2010-2862

Vulnerability from fkie_nvd - Published: 2010-08-05 18:17 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://secunia.com/advisories/40766	Vendor Advisory
psirt@adobe.com	http://securityevaluators.com/files/papers/CrashAnalysis.pdf
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA10-231A.html	US Government Resource
psirt@adobe.com	http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40766	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityevaluators.com/files/papers/CrashAnalysis.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-231A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693

Impacted products

Vendor	Product	Version
adobe	acrobat_reader	8.2.3
adobe	acrobat_reader	9.3.3
adobe	acrobat	9.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32D68D5-6A79-454B-B14F-9BC865413E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC2EEB6-D5EC-430F-962A-1279C9970441",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB9BBDE-634A-47CF-BA49-67382B547900",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en CoolType.dll de Adobe Reader v8.2.3 y v9.3.3, y Acrobat v9.3.3, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de fuentes TrueType con un valor maxCompositePoints grande en una tabla Maximum Profile (maxp)."
    }
  ],
  "id": "CVE-2010-2862",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-05T18:17:58.087",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40766"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2862 (GCVE-0-2010-2862)

CERTA-2010-ALE-012

Description

Contournement provisoire

Solution

GHSA-GHWM-GWR7-M4M2

CERTA-2010-AVI-394

Description

Solution

GSD-2010-2862

RHSA-2010:0636

FKIE_CVE-2010-2862

Tags

Sightings

Nomenclature