Release DateAug 13, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against an integer-overflow vulnerability in Adobe Acrobat and Reader.The vulnerability is caused by an error when the vulnerable software handles PDF files with a malformed value for a certain TrueType Font field. It allows a remote attacker to execute arbitrary code via sending a crafted PDF file. |
Affected ProductsAdobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3 |
Recommended ActionsDo not open untrusted PDF files. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-2862 |
Reference/shttp://www.adobe.com/support/security/bulletins/apsb10-17.htmlhttp://www.frsirt.com/english/advisories/2010/2004 (FrSIRT) http://www.securityfocus.com/bid/42203 (BugTraq) |
