CVE-2010-1241
Published 2010-04-05
CVE-2010-1241: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X…
Priority P269 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 9.21% (94.7th percentile)
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_reader | — | — |
Detection & IOCs
- The vulnerability is triggered by opening a specially-crafted PDF file targeting Adobe Reader's custom heap management system, resulting in a heap-based buffer overflow. Detect suspicious PDF files being opened by Adobe Reader/Acrobat processes, especially those causing memory corruption or unexpected code execution.
- A working exploit for this vulnerability was demonstrated publicly at Black Hat Europe 2010 (April 12–15, Barcelona), targeting Adobe Reader 9.3.1 with DEP enabled. Threat intel feeds and retrospective log analysis should account for exploitation attempts around this timeframe.
- The vulnerability affects Adobe Reader and Acrobat 9.x before 9.3.2 and 8.x before 8.2.2 on Windows and Mac OS X only. Linux versions are not listed as affected platforms.
- The exploit was demonstrated against Adobe Reader 9.3.1 specifically with Data Execution Prevention (DEP) enabled by default, indicating the attacker technique bypasses DEP. Detection/mitigation strategies relying solely on DEP may be insufficient.
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 9.3 · CRITICAL
vendor_redhat · 9.3 · CRITICAL
VulDB
Adobe Acrobat Reader up to 9.1.0 memory corruption (Nessus ID 45504 / ID 165590)
vuldb·2026-05-05·CVSS 9.3
CVE-2010-1241 [CRITICAL] Adobe Acrobat Reader up to 9.1.0 memory corruption (Nessus ID 45504 / ID 165590)
A vulnerability identified as critical has been detected in Adobe Acrobat Reader up to 9.1.0. Affected is an unknown function. This manipulation causes memory corruption.
The identification of this vulnerability is CVE-2010-1241. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.
GHSA
GHSA-fcqq-w27v-8hfw: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-02
CVE-2010-1241 [HIGH] CWE-119 GHSA-fcqq-w27v-8hfw: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
VulnCheck
Adobe Acrobat and Reader Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2010·CVSS 9.3
CVE-2010-1241 [CRITICAL] Adobe Acrobat and Reader Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Affected: Adobe Acrobat and Reader
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Red Hat
Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
vendor_redhat·2010-03-23·CVSS 9.3
CVE-2010-1241 [CRITICAL] Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
No detection rules found.
No public exploits indexed.
References
- http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html
- http://www.adobe.com/support/security/bulletins/apsb10-09.html
- http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li
- http://www.securityfocus.com/bid/39227
- http://www.securityfocus.com/bid/39329
- http://www.us-cert.gov/cas/techalerts/TA10-103C.html
- http://www.vupen.com/english/advisories/2010/0873
- http://www.youtube.com/watch?v=9EVHtY1-0q8
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57589
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940
Published: 2010-04-05
Exploited in the wild