CVE-2010-4091
Published 2010-11-07
Priority: P3 56, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 18.52% (96.9th percentile)
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Affected
53 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 CRITICAL
GHSA
GHSA-g5vr-3wpw-49ph: The EScript
ghsa_unreviewed·2022-05-14
CVE-2010-4091 [HIGH] CWE-119 GHSA-g5vr-3wpw-49ph: The EScript
Red Hat
acroread: remote DoS or possible arbitrary code execution via EScript.api plugin
vendor_redhat·2010-11-04·CVSS 9.3
CVE-2010-4091 [CRITICAL] acroread: remote DoS or possible arbitrary code execution via EScript.api plugin
Suricata
ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt
suricata·2010-11-09
CVE-2010-4091 ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt"; flow:established,to_client; file.data; content:".printSeps"; nocase; pcre:"/(this|doc)\x2EprintSeps/i"; reference:bid,44638; reference:cve,2010-4091; classtype:attempted-user; sid:2011910; rev:7; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_11_09, cve CVE_2010_4091, deployment Perimeter, confidence Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_09;)
arXiv
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study
arxiv_fulltext·2019-02-10
Jason Zhang, Ph.D.
Senior Threat Researcher
Sophos, Abingdon OX14 3YP, U.K.
## Abstract
Cyber security threats have been growing significantly in both volume and sophistication over the past decade. This poses great challenges to malware detection without considerable automation. In this paper, we have proposed a novel approach by extending our recently suggested artificial neural network (ANN) based model with feature selection using the principal component analysis (PCA) technique for malware detection. The effectiveness of the approach has been successfully demonstrated with the application in PDF malware detection. A varying number of principal components is examined in the comparative study. Our evaluation shows that the model with PCA can signif
arXiv
MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection
arxiv_fulltext·2018-08-21
Jason Zhang, Ph.D.
Senior Threat Researcher
Sophos, Abingdon OX14 3YP, U.K.
## Abstract
Due to the popularity of portable document format (PDF) and increasing number of vulnerabilities in major PDF viewer applications, malware writers continue to use it to deliver malware via web downloads, email attachments and other methods in both targeted and non-targeted attacks. The topic on how to effectively block malicious PDF documents has received huge research interests in both cyber security industry and academia with no sign of slowing down. In this paper, we propose a novel approach based on a multilayer perceptron (MLP) neural network model, termed MLP_df, for the detection of PDF based malware. More specifically, the MLP_df model uses a backpropagatio
Bugzilla
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro
bugzilla·2011-02-08·CVSS 6.9
CVE-2011-0562 [MEDIUM] CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acroread: critical APSB11-03
Adobe security bulletin APSB11-03 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader.
http://www.adobe.com/support/security/bulletins/apsb11-03.html
These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0562).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0563).
These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CV
Bugzilla
CVE-2010-4091 acroread: remote DoS or possible arbitrary code execution via EScript.api plugin
bugzilla·2010-11-08·CVSS 9.3
CVE-2010-4091 [CRITICAL] CVE-2010-4091 acroread: remote DoS or possible arbitrary code execution via EScript.api plugin
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4091 to
the following vulnerability:
Name: CVE-2010-4091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
Assigned: 20101025
Reference: EXPLOIT-DB:15419
Reference: URL: http://www.exploit-db.com/exploits/15419
Reference: FULLDISC:20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution
Reference: URL: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html
Reference: MISC: http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
Reference: BID:44638
Reference: URL: http://www.securityfocus.com/bid/44638
Reference: SECUNIA:42095
Reference: URL: http://sec
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
http://osvdb.org/69005
http://secunia.com/advisories/42095
http://secunia.com/advisories/42401
http://secunia.com/advisories/43025
http://security.gentoo.org/glsa/glsa-201101-08.xml
http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://www.adobe.com/support/security/bulletins/apsb11-03.html
http://www.exploit-db.com/exploits/15419
http://www.redhat.com/support/errata/RHSA-2010-0934.html
http://www.securityfocus.com/bid/44638
http://www.securitytracker.com/id?1024684
http://www.securitytracker.com/id?1025033
http://www.vupen.com/english/advisories/2010/2890
http://www.vupen.com/english/advisories/2010/3111
http://www.vupen.com/english/advisories/2011/0191
http://www.vupen.com/english/advisories/2011/0337
https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527