CVE-2010-2862
published 2010-08-05CVE-2010-2862: Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with…
PriorityP273critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
16.30%
96.6th percentile
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for TrueType font files embedded in PDF documents containing an abnormally large maxCompositePoints value in the Maximum Profile (maxp) table, which triggers an integer overflow in CoolType.dll. ↗
- →The vulnerability is in CoolType.dll; monitor process memory or crash telemetry involving this DLL when processing PDF files with embedded TrueType fonts. ↗
- ·The Tenable blog post misattributes CVE-2010-2862 to Adobe ColdFusion 'directory traversal'; the actual CVE describes an integer overflow in Adobe Reader/Acrobat CoolType.dll. Treat any tooling or signatures referencing this CVE in a ColdFusion context as mislabeled. ↗
- ·CVE-2010-1240 was reused in APSB10-17 for an incomplete fix rather than being assigned a new CVE; detections tied to CVE-2010-1240 in this bulletin context may overlap with or be confused with CVE-2010-2862 coverage. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ghwm-gwr7-m4m2: Integer overflow in CoolType
ghsa_unreviewed·2022-05-17
CVE-2010-2862 [HIGH] GHSA-ghwm-gwr7-m4m2: Integer overflow in CoolType
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
VulnCheck
Adobe Reader CoolType.dll Remote Code Execution
vulncheck·2010·CVSS 9.3
CVE-2010-2862 [CRITICAL] Adobe Reader CoolType.dll Remote Code Execution
Adobe Reader CoolType.dll Remote Code Execution
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
Affected: Adobe Acrobat and Reader
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Red Hat
acroread: integer overflow flaw allows remote arbitrary code execution
vendor_redhat·2010-08-04·CVSS 9.3
CVE-2010-2862 [CRITICAL] CWE-190 acroread: integer overflow flaw allows remote arbitrary code execution
acroread: integer overflow flaw allows remote arbitrary code execution
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004039; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004035; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004040; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004038; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004036; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004037; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Tenable
Tenable Network Security Podcast - Episode 46
blogs_tenable·2010-08-19
Tenable Network Security Podcast - Episode 46
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Tenable Network Security Podcast - Episode 46
blogs_tenable·2010-08-19·CVSS 9.3
[CRITICAL] Tenable Network Security Podcast - Episode 46
Blog /
Subscribe
# Tenable Network Security Podcast - Episode 46
Paul Asadoorian
August 19, 2010
3 Min Read
Welcome to the Tenable Network Security Podcast - Episode 56
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
### Announcements
- Two new blog posts have been published this week, including:
- Microsoft Patch Tuesday Roundup - August 2010 - "Geronimo!" Edition
- San Francisco Security Showcase - Sept 15, 2010
### Stories
- Ruby XSS Vulnerability - I find two things interesting about this article. First, I think it's scary when a programming language itself, or supporting libraries, contains a flaw. This means that all of the programs using it are vulnerable. I think this is also scary because we don't often audit code that is popular and has been
Bugzilla
acroread: multiple critical security flaws (APSB10-17)
bugzilla·2010-08-17·CVSS 9.3
CVE-2010-2862 [CRITICAL] acroread: multiple critical security flaws (APSB10-17)
acroread: multiple critical security flaws (APSB10-17)
Adobe has announced a forthcoming update to Adobe Acrobat Reader that will address critical security issues:
http://www.adobe.com/support/security/bulletins/apsb10-17.html
Discussion:
The bulletin addresses:
* These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
* These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).
* These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.
The first issue is tracked via bug #621687 and the Flash Player-related issues are tracked via bug #622947.
CVE-2010-1240 was previously noted to have been corrected in APSB10-15 (see bug #609203), so Adobe s
Bugzilla
CVE-2010-2862 acroread: integer overflow flaw allows remote arbitrary code execution
bugzilla·2010-08-05·CVSS 9.3
CVE-2010-2862 [CRITICAL] CVE-2010-2862 acroread: integer overflow flaw allows remote arbitrary code execution
CVE-2010-2862 acroread: integer overflow flaw allows remote arbitrary code execution
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2862 to
the following vulnerability:
Name: CVE-2010-2862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2862
Assigned: 20100727
Reference: MISC: http://securityevaluators.com/files/papers/CrashAnalysis.pdf
Reference: MISC: http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/
Reference: SECUNIA:40766
Reference: URL: http://secunia.com/advisories/40766
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and
Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a
TrueType font with a large maxCompositePoints value in a Maximum
Profile (maxp)
http://secunia.com/advisories/40766http://securityevaluators.com/files/papers/CrashAnalysis.pdfhttp://www.us-cert.gov/cas/techalerts/TA10-231A.htmlhttp://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693http://secunia.com/advisories/40766http://securityevaluators.com/files/papers/CrashAnalysis.pdfhttp://www.us-cert.gov/cas/techalerts/TA10-231A.htmlhttp://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693
2010-08-05
Published
Exploited in the wild