cbcvebase.
CVE-2010-1241
published 2010-04-05

CVE-2010-1241: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X…

PriorityP269critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
9.21%
94.7th percentile
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.

Affected

18 ranges
VendorProductVersion rangeFixed in
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability is triggered by opening a specially-crafted PDF file targeting Adobe Reader's custom heap management system, resulting in a heap-based buffer overflow. Detect suspicious PDF files being opened by Adobe Reader/Acrobat processes, especially those causing memory corruption or unexpected code execution.
  • A working exploit for this vulnerability was demonstrated publicly at Black Hat Europe 2010 (April 12–15, Barcelona), targeting Adobe Reader 9.3.1 with DEP enabled. Threat intel feeds and retrospective log analysis should account for exploitation attempts around this timeframe.
  • ·The vulnerability affects Adobe Reader and Acrobat 9.x before 9.3.2 and 8.x before 8.2.2 on Windows and Mac OS X only. Linux versions are not listed as affected platforms.
  • ·The exploit was demonstrated against Adobe Reader 9.3.1 specifically with Data Execution Prevention (DEP) enabled by default, indicating the attacker technique bypasses DEP. Detection/mitigation strategies relying solely on DEP may be insufficient.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.