Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-4091 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat
Severity
9.3CRITICALNVD
EPSS
41.0%
top 2.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 7
Latest updateMay 14
Description
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
Patches
🔴Vulnerability Details
1💥Exploits & PoCs
1🔍Detection Rules
1Suricata
▶
📋Vendor Advisories
1📄Research Papers
2💬Community
2Bugzilla▶
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro↗2011-02-08
Bugzilla▶
CVE-2010-4091 acroread: remote DoS or possible arbitrary code execution via EScript.api plugin↗2010-11-08