Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2201: Improper Input Validation in Adobe Acrobat

Severity
9.3 CRITICAL (NVD)
EPSS
13.5%
top 5.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 30
Latest update: May 14

Description

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

NVD: adobe/acrobat_reader, 19 versions (+18)
NVD: adobe/acrobat, 21 versions (+20)

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-qm3q-8q36-x3vh: Adobe Reader and Acrobat 9 (2022-05-14)
GHSA
GHSA-2qrp-v3mf-g36h: Adobe Reader and Acrobat 9 (2022-05-14)
GHSA
GHSA-96r2-72m9-m58r: Adobe Reader and Acrobat 9 (2022-05-02)

💥 Exploits & PoCs

1
Exploit-DB
Adobe Acrobat and Reader - 'pushstring' Memory Corruption (2010-09-12)

🔍 Detection Rules

2
Suricata
ET WEB_CLIENT Possible Adobe Acrobat and Reader Pushstring Memory Corruption Attempt (2010-09-27)
Suricata
ET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash Possibly Related to Remote Code Execution Attempt (2010-09-27)

📋 Vendor Advisories

3
Red Hat
acroread: multiple code execution flaws (APSB10-15) (2010-06-29)
Red Hat
acroread: multiple code execution flaws (APSB10-15) (2010-06-29)
Red Hat
acroread: multiple code execution flaws (APSB10-15) (2010-06-29)

💬 Community

1
Bugzilla
acroread: multiple code execution flaws (APSB10-15) (2010-06-29)