CVE-2010-2206

critical

Description

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200

http://www.vupen.com/english/advisories/2010/1636

http://www.securitytracker.com/id?1024159

http://www.securityfocus.com/bid/41241

http://www.securityfocus.com/archive/1/512092/100/0/threaded

http://www.adobe.com/support/security/bulletins/apsb10-15.html

http://secunia.com/secunia_research/2010-88/

Details

Source: Mitre, NVD

Published: 2010-06-30

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical