Vulnerability-Lookup

CVE-2010-4091 (GCVE-0-2010-4091)

Vulnerability from cvelistv5 – Published: 2010-11-07 21:00 – Updated: 2024-08-07 03:34

Summary

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://secunia.com/advisories/42095	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/69005	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2011/0191	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/43025	third-party-advisoryx_refsource_SECUNIA
	http://blogs.adobe.com/psirt/2010/11/potential-is…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2010/3111	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/2890	vdb-entryx_refsource_VUPEN
	http://security.gentoo.org/glsa/glsa-201101-08.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/44638	vdb-entryx_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-09…	vendor-advisoryx_refsource_REDHAT
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2011/0337	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1025033	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/42401	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1024684	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.exploit-db.com/exploits/15419	exploitx_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://extraexploit.blogspot.com/2010/11/full-dis…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42095"
          },
          {
            "name": "69005",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69005"
          },
          {
            "name": "ADV-2011-0191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0191"
          },
          {
            "name": "43025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43025"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
          },
          {
            "name": "ADV-2010-3111",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3111"
          },
          {
            "name": "ADV-2010-2890",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2890"
          },
          {
            "name": "GLSA-201101-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
          },
          {
            "name": "44638",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44638"
          },
          {
            "name": "RHSA-2010:0934",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
          },
          {
            "name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
          },
          {
            "name": "ADV-2011-0337",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0337"
          },
          {
            "name": "1025033",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025033"
          },
          {
            "name": "42401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42401"
          },
          {
            "name": "1024684",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024684"
          },
          {
            "name": "oval:org.mitre.oval:def:12527",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
          },
          {
            "name": "15419",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15419"
          },
          {
            "name": "adobe-reader-pdf-file-ce(62996)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
          },
          {
            "name": "SUSE-SA:2010:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "42095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42095"
        },
        {
          "name": "69005",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69005"
        },
        {
          "name": "ADV-2011-0191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0191"
        },
        {
          "name": "43025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43025"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
        },
        {
          "name": "ADV-2010-3111",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3111"
        },
        {
          "name": "ADV-2010-2890",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2890"
        },
        {
          "name": "GLSA-201101-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
        },
        {
          "name": "44638",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44638"
        },
        {
          "name": "RHSA-2010:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
        },
        {
          "name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
        },
        {
          "name": "ADV-2011-0337",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0337"
        },
        {
          "name": "1025033",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025033"
        },
        {
          "name": "42401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42401"
        },
        {
          "name": "1024684",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024684"
        },
        {
          "name": "oval:org.mitre.oval:def:12527",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
        },
        {
          "name": "15419",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15419"
        },
        {
          "name": "adobe-reader-pdf-file-ce(62996)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
        },
        {
          "name": "SUSE-SA:2010:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-4091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42095",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42095"
            },
            {
              "name": "69005",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/69005"
            },
            {
              "name": "ADV-2011-0191",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0191"
            },
            {
              "name": "43025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43025"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
              "refsource": "MISC",
              "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
            },
            {
              "name": "ADV-2010-3111",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3111"
            },
            {
              "name": "ADV-2010-2890",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2890"
            },
            {
              "name": "GLSA-201101-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
            },
            {
              "name": "44638",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44638"
            },
            {
              "name": "RHSA-2010:0934",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
            },
            {
              "name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
            },
            {
              "name": "ADV-2011-0337",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0337"
            },
            {
              "name": "1025033",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025033"
            },
            {
              "name": "42401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42401"
            },
            {
              "name": "1024684",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024684"
            },
            {
              "name": "oval:org.mitre.oval:def:12527",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
            },
            {
              "name": "15419",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15419"
            },
            {
              "name": "adobe-reader-pdf-file-ce(62996)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
            },
            {
              "name": "SUSE-SA:2010:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
            },
            {
              "name": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
              "refsource": "MISC",
              "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-4091",
    "datePublished": "2010-11-07T21:00:00.000Z",
    "dateReserved": "2010-10-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:34:37.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-076

Vulnerability from certfr_avis - Published: 2011-02-09 - Updated: 2011-02-09

De multiples vulnérabilités ont été corrigées dans Adobe Reader et Adobe Acrobat. Certaines d'entre elles permettent l'exécution de code arbitraire à distance.

Description

Sur les 29 vulnérabilités corrigées, 27 d'entre-elles permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance. Les autres permettent de l'injection de code indirecte à distance. Les vulnérabilités affectent différents modules, comme la gestion de l'affichage d'images ou de rendu 3D. Une personne malveillante peut les exploiter avec un fichier PDF spécialement conçu, qui sera ouvert par la victime.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Acrobat X (10.0) pour systèmes Windows et Macintosh.
Adobe	Acrobat	Adobe Reader 9.4.1 et versions antérieures pour systèmes Windows, Macintosh et Unix ;
Adobe	Acrobat	Adobe Reader X (10.0) pour systèmes Windows et Macintosh ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb11-03 du 09 février 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Acrobat X (10.0) pour syst\u00e8mes Windows et Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader 9.4.1 et versions ant\u00e9rieures pour syst\u00e8mes Windows, Macintosh et Unix ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader X (10.0) pour syst\u00e8mes Windows et Macintosh ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nSur les 29 vuln\u00e9rabilit\u00e9s corrig\u00e9es, 27 d\u0027entre-elles permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. Les\nautres permettent de l\u0027injection de code indirecte \u00e0 distance. Les\nvuln\u00e9rabilit\u00e9s affectent diff\u00e9rents modules, comme la gestion de\nl\u0027affichage d\u0027images ou de rendu 3D. Une personne malveillante peut les\nexploiter avec un fichier PDF sp\u00e9cialement con\u00e7u, qui sera ouvert par la\nvictime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0591"
    },
    {
      "name": "CVE-2011-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0600"
    },
    {
      "name": "CVE-2011-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0567"
    },
    {
      "name": "CVE-2011-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0605"
    },
    {
      "name": "CVE-2011-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0594"
    },
    {
      "name": "CVE-2011-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0568"
    },
    {
      "name": "CVE-2011-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0564"
    },
    {
      "name": "CVE-2011-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0590"
    },
    {
      "name": "CVE-2011-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0586"
    },
    {
      "name": "CVE-2011-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0596"
    },
    {
      "name": "CVE-2011-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0589"
    },
    {
      "name": "CVE-2011-0606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0606"
    },
    {
      "name": "CVE-2011-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0588"
    },
    {
      "name": "CVE-2011-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0598"
    },
    {
      "name": "CVE-2011-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0566"
    },
    {
      "name": "CVE-2011-0585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0585"
    },
    {
      "name": "CVE-2011-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0563"
    },
    {
      "name": "CVE-2011-0602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0602"
    },
    {
      "name": "CVE-2011-0587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0587"
    },
    {
      "name": "CVE-2011-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0593"
    },
    {
      "name": "CVE-2011-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0599"
    },
    {
      "name": "CVE-2011-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0595"
    },
    {
      "name": "CVE-2011-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0565"
    },
    {
      "name": "CVE-2011-0570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0570"
    },
    {
      "name": "CVE-2010-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4091"
    },
    {
      "name": "CVE-2011-0603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0603"
    },
    {
      "name": "CVE-2011-0604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0604"
    },
    {
      "name": "CVE-2011-0562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0562"
    },
    {
      "name": "CVE-2011-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0592"
    }
  ],
  "initial_release_date": "2011-02-09T00:00:00",
  "last_revision_date": "2011-02-09T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-076",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Reader et Adobe\nAcrobat. Certaines d\u0027entre elles permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-03 du 09 f\u00e9vrier 2011",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
    }
  ]
}

CERTA-2010-AVI-551

Vulnerability from certfr_avis - Published: 2010-11-17 - Updated: 2010-11-17

Deux vulnérabilités dans Adobe Reader et Acrobat permettent à un utilisateur malveillant d'exécuter du code arbitraire. Leur exploitation peut se faire à distance par l'intermédiaire des greffons dans les navigateurs.

Description

Deux vulnérabilités permettent à un utilisateur malveillant d'exécuter du code arbitraire :

une corruption de la mémoire affecte uniquement les versions 9.x d'Adobe Reader et d'Acrobat ;
une autre corruption de la mémoire n'affecte qu'Adobe Reader.

L'exploitation de ces vulnérabilités peut se faire à distance par l'intermédiaire des greffons dans les navigateurs.

Solution

La version 9.4.1 des deux logiciels remédie à ces problèmes.

Le correctif pour Acrobat sur Unix sera publié le 30 novembre 2010.

Le correctif pour la version 8 sera publié ultérieurement.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	Acrobat	Adobe Reader et Acrobat 9.x à partir de la version 9.2 pour les systèmes UNIX.
	Adobe	Acrobat	Adobe Reader et Acrobat 9.x à partir de la version 9.2 et 8.x à partir de la version 8.1.7, pour les systèmes Windows et Macintosh ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb10-28 du 16 novembre 2010	None	vendor-advisory
Document du CERTA CERTA-2010-ALE-020 du 17 novembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader et Acrobat 9.x \u00e0 partir de la version 9.2 pour les syst\u00e8mes UNIX.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader et Acrobat 9.x \u00e0 partir de la version 9.2 et 8.x \u00e0 partir de la version 8.1.7, pour les syst\u00e8mes Windows et Macintosh ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire\u00a0:\n\n-   une corruption de la m\u00e9moire affecte uniquement les versions 9.x\n    d\u0027Adobe Reader et d\u0027Acrobat\u00a0;\n-   une autre corruption de la m\u00e9moire n\u0027affecte qu\u0027Adobe Reader.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut se faire \u00e0 distance par\nl\u0027interm\u00e9diaire des greffons dans les navigateurs.\n\n## Solution\n\nLa version 9.4.1 des deux logiciels rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nLe correctif pour Acrobat sur Unix sera publi\u00e9 le 30 novembre 2010.\n\nLe correctif pour la version 8 sera publi\u00e9 ult\u00e9rieurement.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4091"
    }
  ],
  "initial_release_date": "2010-11-17T00:00:00",
  "last_revision_date": "2010-11-17T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2010-ALE-020 du 17 novembre 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-020/index.html"
    }
  ],
  "reference": "CERTA-2010-AVI-551",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire. Leur exploitation\npeut se faire \u00e0 distance par l\u0027interm\u00e9diaire des greffons dans les\nnavigateurs.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-28 du 16 novembre 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
    }
  ]
}

FKIE_CVE-2010-4091

Vulnerability from fkie_nvd - Published: 2010-11-07 22:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html	Exploit
psirt@adobe.com	http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
psirt@adobe.com	http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
psirt@adobe.com	http://osvdb.org/69005
psirt@adobe.com	http://secunia.com/advisories/42095	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/42401	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/43025	Vendor Advisory
psirt@adobe.com	http://security.gentoo.org/glsa/glsa-201101-08.xml
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-28.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb11-03.html
psirt@adobe.com	http://www.exploit-db.com/exploits/15419	Exploit
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2010-0934.html
psirt@adobe.com	http://www.securityfocus.com/bid/44638
psirt@adobe.com	http://www.securitytracker.com/id?1024684
psirt@adobe.com	http://www.securitytracker.com/id?1025033
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/2890	Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/3111	Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0191	Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
af854a3a-2127-422b-91ae-364da2661108	http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/69005
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42095	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42401	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43025	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201101-08.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-28.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb11-03.html
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15419	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0934.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44638
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024684
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025033
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2890	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3111	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0191	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527

Impacted products

Vendor	Product	Version
adobe	acrobat_reader	8.0
adobe	acrobat_reader	8.1
adobe	acrobat_reader	8.1.1
adobe	acrobat_reader	8.1.2
adobe	acrobat_reader	8.1.4
adobe	acrobat_reader	8.1.5
adobe	acrobat_reader	8.1.6
adobe	acrobat_reader	8.1.7
adobe	acrobat_reader	8.2
adobe	acrobat_reader	8.2.1
adobe	acrobat_reader	8.2.2
adobe	acrobat_reader	8.2.3
adobe	acrobat_reader	8.2.4
adobe	acrobat_reader	9.0
adobe	acrobat_reader	9.1
adobe	acrobat_reader	9.1.1
adobe	acrobat_reader	9.1.2
adobe	acrobat_reader	9.1.3
adobe	acrobat_reader	9.2
adobe	acrobat_reader	9.3
adobe	acrobat_reader	9.3.1
adobe	acrobat_reader	9.3.2
adobe	acrobat_reader	9.3.3
adobe	acrobat_reader	9.3.4
adobe	acrobat_reader	9.4
adobe	acrobat_reader	10.0
apple	mac_os_x	*
microsoft	windows	*
adobe	acrobat	8.0
adobe	acrobat	8.1
adobe	acrobat	8.1.1
adobe	acrobat	8.1.2
adobe	acrobat	8.1.3
adobe	acrobat	8.1.4
adobe	acrobat	8.1.5
adobe	acrobat	8.1.6
adobe	acrobat	8.1.7
adobe	acrobat	8.2
adobe	acrobat	8.2.1
adobe	acrobat	8.2.2
adobe	acrobat	8.2.3
adobe	acrobat	8.2.4
adobe	acrobat	9.0
adobe	acrobat	9.1
adobe	acrobat	9.1.1
adobe	acrobat	9.1.2
adobe	acrobat	9.1.3
adobe	acrobat	9.2
adobe	acrobat	9.3
adobe	acrobat	9.3.1
adobe	acrobat	9.3.2
adobe	acrobat	9.3.3
adobe	acrobat	9.3.4
adobe	acrobat	9.4
adobe	acrobat	10.0
apple	mac_os_x	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F6994B-6969-485B-9286-2592B11A47BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC533775-B52E-43F0-BF19-1473BE36232D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D1C85E-42CC-46F2-A7B6-DAC3C3995330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4670451-511E-496C-A78A-887366E1E992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2A4F62-7AB5-4134-9A65-4B4E1EA262A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35994F76-CD13-4301-9134-FC0CBEA37D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB61191-F955-4DE6-A86B-36E031DE1F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32D68D5-6A79-454B-B14F-9BC865413E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A57581C-A139-41C3-B9DB-0C4CFA7A1BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "562772F1-1627-438E-A6B8-7D1AA5536086",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F25C9167-C6D4-4264-9197-50878EDA2D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1D7308-09E9-42B2-8836-DC2326C62A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C251D2-4C9B-4029-8BED-0FCAED3B8E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2432AC17-5378-4C61-A775-5172FD44EC03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6BA82F4-470D-4A46-89B2-D2F3C8FA31C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39EDED39-664F-4B68-B422-2CCCA3B83550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B508C5CE-1386-47B3-B301-B78DBB3A75D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC2EEB6-D5EC-430F-962A-1279C9970441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC590C7-5BDE-4E46-9605-01E95B17F01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFE67F4-6907-4967-96A3-1757EADA72BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9731EFE2-A5BE-4389-A92D-DDC573633B6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AE76F7-D7F6-4AF2-A5C6-708B5642C288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749FFB51-65D4-4A4B-95F3-742440276897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8665E53-EC1E-4B95-9064-2565BC12113E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24218FDA-F9DA-465A-B5D5-76A55C7EE04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C5F1C5-85CD-47B9-897F-E51D6902AF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E190FF-3EBC-44AB-8072-4D964E843E8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A624D44-C135-4ED3-9BA4-F4F8A044850B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B95C0A99-42E4-40A9-BF61-507E4E4DC052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9F55CC-3681-4A67-99D1-3F40447392D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C0AC89-804B-44A1-929A-118993B6BAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B174C3-1BA6-4654-BFA4-CC126454E147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ACDAA2B-3977-4590-9F16-5DDB6FF6545B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7C4E07-0909-4114-BBFB-92626AFC49BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7832B75B-7868-44DE-A9A4-CBD9CC117DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA53564-9ACD-4CFB-9AAC-A77440026A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F475858-DCE2-4C93-A51A-04718DF17593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88687272-4CD0-42A2-B727-C322ABDE3549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35CC915-EEE3-4E86-9E09-1893C725E07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76201694-E5C5-4CA3-8919-46937AFDAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "397AB988-1C2C-4247-9B34-806094197CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA0B8C3-8060-4685-A241-9852BD63B7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB9BBDE-634A-47CF-BA49-67382B547900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56B1726-4F05-4732-9D8B-077EF593EAEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A258374F-55CB-48D2-9094-CD70E1288F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57C5136-7853-478B-A342-6013528B41B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "El plugin EScript.api en Adobe Reader y Acrobat versi\u00f3n 10.x anterior a 10.0.1, versi\u00f3n 9.x anterior a 9.4.1 y versi\u00f3n 8.x anterior a 8.2.6 en Windows y Mac OS X, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de un documento PDF creado que desencadena una corrupci\u00f3n de memoria, que involucran a la funci\u00f3n printSeps. NOTA: algunos de estos datos se consiguen de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2010-4091",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-07T22:00:03.410",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://osvdb.org/69005"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42095"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42401"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43025"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15419"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/44638"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1024684"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1025033"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2890"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3111"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0191"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0337"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-4091

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4091

Aliases

CVE-2010-4091

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4091",
    "description": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2010-4091",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-4091.html",
      "https://access.redhat.com/errata/RHSA-2010:0934"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4091"
      ],
      "details": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2010-4091",
      "modified": "2023-12-13T01:21:29.653714Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-4091",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "42095",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42095"
          },
          {
            "name": "69005",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/69005"
          },
          {
            "name": "ADV-2011-0191",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0191"
          },
          {
            "name": "43025",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43025"
          },
          {
            "name": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
            "refsource": "MISC",
            "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
          },
          {
            "name": "ADV-2010-3111",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/3111"
          },
          {
            "name": "ADV-2010-2890",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2890"
          },
          {
            "name": "GLSA-201101-08",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
          },
          {
            "name": "44638",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44638"
          },
          {
            "name": "RHSA-2010:0934",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
          },
          {
            "name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
          },
          {
            "name": "ADV-2011-0337",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0337"
          },
          {
            "name": "1025033",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025033"
          },
          {
            "name": "42401",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42401"
          },
          {
            "name": "1024684",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024684"
          },
          {
            "name": "oval:org.mitre.oval:def:12527",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
          },
          {
            "name": "15419",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15419"
          },
          {
            "name": "adobe-reader-pdf-file-ce(62996)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
          },
          {
            "name": "SUSE-SA:2010:058",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
          },
          {
            "name": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
            "refsource": "MISC",
            "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-4091"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42095",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42095"
            },
            {
              "name": "15419",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/15419"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
            },
            {
              "name": "ADV-2010-2890",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2890"
            },
            {
              "name": "44638",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/44638"
            },
            {
              "name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
            },
            {
              "name": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
            },
            {
              "name": "69005",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/69005"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
            },
            {
              "name": "RHSA-2010:0934",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
            },
            {
              "name": "1024684",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024684"
            },
            {
              "name": "42401",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42401"
            },
            {
              "name": "ADV-2010-3111",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3111"
            },
            {
              "name": "SUSE-SA:2010:058",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
            },
            {
              "name": "GLSA-201101-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
            },
            {
              "name": "43025",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43025"
            },
            {
              "name": "ADV-2011-0191",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0191"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
            },
            {
              "name": "ADV-2011-0337",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0337"
            },
            {
              "name": "1025033",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025033"
            },
            {
              "name": "adobe-reader-pdf-file-ce(62996)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
            },
            {
              "name": "oval:org.mitre.oval:def:12527",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2010-11-07T22:00Z"
    }
  }
}

GHSA-G5VR-3WPW-49PH

Vulnerability from github – Published: 2022-05-14 02:18 – Updated: 2022-05-14 02:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-07T22:00:00Z",
    "severity": "HIGH"
  },
  "details": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-g5vr-3wpw-49ph",
  "modified": "2022-05-14T02:18:03Z",
  "published": "2022-05-14T02:18:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4091"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
    },
    {
      "type": "WEB",
      "url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
    },
    {
      "type": "WEB",
      "url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/69005"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42095"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42401"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43025"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15419"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44638"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024684"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025033"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2890"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3111"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0191"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4091 (GCVE-0-2010-4091)

CERTA-2011-AVI-076

Description

Solution

CERTA-2010-AVI-551

Description

Solution

FKIE_CVE-2010-4091

GSD-2010-4091

GHSA-G5VR-3WPW-49PH

Tags

Sightings

Nomenclature