CVE-2010-2888Improper Input Validation in Adobe Acrobat

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
9.3%
top 7.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedOct 6
Latest updateMay 14

Description

Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader24 versions+23
NVDadobe/acrobat25 versions+24

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-hxm7-hg74-hf87: Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 82022-05-14

💥Exploits & PoCs

1
Exploit-DB
UltraISO - '.cue' File Parsing Buffer Overflow (Metasploit)2010-04-30
CVE-2010-2888 — Improper Input Validation in Adobe | cvebase