CVE-2010-0195Code Injection in Adobe Acrobat

CWE-94Code Injection7 documents4 sources
Severity
9.3CRITICALNVD
EPSS
18.1%
top 4.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedApr 14
Latest updateMay 2

Description

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader17 versions+16
NVDadobe/acrobat19 versions+18

Patches

Patch: www.adobe.comPatch: www.vupen.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-p4m7-9364-7j9j: Adobe Reader and Acrobat 92022-05-02

📋Vendor Advisories

1
Red Hat
Acroread: Multiple code execution flaws (APSB10-09)2010-04-13

💬Community

2
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]2014-08-07
Bugzilla
Acroread: Multiple code execution flaws (APSB10-09)2010-04-12
CVE-2010-0195 — Code Injection in Adobe Acrobat | cvebase