CVE-2010-1241

Sažetak

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.

Reference

http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/
http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html
http://www.adobe.com/support/security/bulletins/apsb10-09.html
http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li
http://www.securityfocus.com/bid/39227
http://www.securityfocus.com/bid/39329
http://www.us-cert.gov/cas/techalerts/TA10-103C.html
http://www.vupen.com/english/advisories/2010/0873
http://www.youtube.com/watch?v=9EVHtY1-0q8
https://exchange.xforce.ibmcloud.com/vulnerabilities/57589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:30

Objavljeno

05-04-2010 - 15:30