CVE-2010-4091

Published: Nov 7, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Affected (53)

Products: Adobe: Acrobat Reader, Acrobat

2 products

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Adobe Acrobat Reader	Version 10.0
Adobe Acrobat Reader	Version 8.0
Adobe Acrobat Reader	Version 8.1.1
Adobe Acrobat Reader	Version 8.1.2
Adobe Acrobat Reader	Version 8.1.4
Adobe Acrobat Reader	Version 8.1.5
Adobe Acrobat Reader	Version 8.1.6
Adobe Acrobat Reader	Version 8.1.7
Adobe Acrobat Reader	Version 8.1
Adobe Acrobat Reader	Version 8.2.1
Adobe Acrobat Reader	Version 8.2.2
Adobe Acrobat Reader	Version 8.2.3
Adobe Acrobat Reader	Version 8.2.4
Adobe Acrobat Reader	Version 8.2
Adobe Acrobat Reader	Version 9.0
Adobe Acrobat Reader	Version 9.1.1
Adobe Acrobat Reader	Version 9.1.2
Adobe Acrobat Reader	Version 9.1.3
Adobe Acrobat Reader	Version 9.1
Adobe Acrobat Reader	Version 9.2
Adobe Acrobat Reader	Version 9.3.1
Adobe Acrobat Reader	Version 9.3.2
Adobe Acrobat Reader	Version 9.3.3
Adobe Acrobat Reader	Version 9.3.4
Adobe Acrobat Reader	Version 9.3
Adobe Acrobat Reader	Version 9.4

Configuration B

27 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Acrobat	Version 10.0
Adobe Acrobat	Version 8.0
Adobe Acrobat	Version 8.1.1
Adobe Acrobat	Version 8.1.2
Adobe Acrobat	Version 8.1.3
Adobe Acrobat	Version 8.1.4
Adobe Acrobat	Version 8.1.5
Adobe Acrobat	Version 8.1.6
Adobe Acrobat	Version 8.1.7
Adobe Acrobat	Version 8.1
Adobe Acrobat	Version 8.2.1
Adobe Acrobat	Version 8.2.2
Adobe Acrobat	Version 8.2.3
Adobe Acrobat	Version 8.2.4
Adobe Acrobat	Version 8.2
Adobe Acrobat	Version 9.0
Adobe Acrobat	Version 9.1.1
Adobe Acrobat	Version 9.1.2
Adobe Acrobat	Version 9.1.3
Adobe Acrobat	Version 9.1
Adobe Acrobat	Version 9.2
Adobe Acrobat	Version 9.3.1
Adobe Acrobat	Version 9.3.2
Adobe Acrobat	Version 9.3.3
Adobe Acrobat	Version 9.3.4
Adobe Acrobat	Version 9.3
Adobe Acrobat	Version 9.4

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (44)

http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html

Source: psirt@adobe.com

Exploit

http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html

Source: psirt@adobe.com

http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html

Source: psirt@adobe.com

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html

Source: psirt@adobe.com

http://osvdb.org/69005

Source: psirt@adobe.com

http://secunia.com/advisories/42095

Source: psirt@adobe.com

Vendor Advisory

http://secunia.com/advisories/42401

Source: psirt@adobe.com

Vendor Advisory

http://secunia.com/advisories/43025

Source: psirt@adobe.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201101-08.xml

Source: psirt@adobe.com

http://www.adobe.com/support/security/bulletins/apsb10-28.html

Source: psirt@adobe.com

PatchVendor Advisory

http://www.adobe.com/support/security/bulletins/apsb11-03.html

Source: psirt@adobe.com

http://www.exploit-db.com/exploits/15419

Source: psirt@adobe.com

Exploit

http://www.redhat.com/support/errata/RHSA-2010-0934.html

Source: psirt@adobe.com

http://www.securityfocus.com/bid/44638

Source: psirt@adobe.com

http://www.securitytracker.com/id?1024684

Source: psirt@adobe.com

http://www.securitytracker.com/id?1025033

Source: psirt@adobe.com

http://www.vupen.com/english/advisories/2010/2890

Source: psirt@adobe.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3111

Source: psirt@adobe.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0191

Source: psirt@adobe.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0337

Source: psirt@adobe.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62996

Source: psirt@adobe.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527

Source: psirt@adobe.com

http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/69005

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42095

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42401

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43025

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201101-08.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/support/security/bulletins/apsb10-28.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.adobe.com/support/security/bulletins/apsb11-03.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/15419

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.redhat.com/support/errata/RHSA-2010-0934.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/44638

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024684

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025033

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2890

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3111

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0191

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0337

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62996

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.