CVE-2010-2206

HIGH

Description

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

References

http://secunia.com/secunia_research/2010-88/

http://www.adobe.com/support/security/bulletins/apsb10-15.html

http://www.securityfocus.com/archive/1/512092/100/0/threaded

http://www.securityfocus.com/bid/41241

http://www.securitytracker.com/id?1024159

http://www.vupen.com/english/advisories/2010/1636

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200

Details

Source: MITRE

Published: 2010-06-30

Updated: 2018-10-30

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH