{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "reader-customheap-code-execution(57589)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57589"}, {"name": "39227", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39227"}, {"name": "[dailydave] 20100401 0day, it may not be", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html"}, {"name": "ADV-2010-0873", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0873"}, {"name": "TA10-103C", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"}, {"name": "oval:org.mitre.oval:def:6940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940"}, {"name": "39329", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39329"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.youtube.com/watch?v=9EVHtY1-0q8"}, {"tags": ["x_refsource_MISC"], "url": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "reader-customheap-code-execution(57589)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57589"}, {"name": "39227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39227"}, {"name": "[dailydave] 20100401 0day, it may not be", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html"}, {"name": "ADV-2010-0873", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0873"}, {"name": "TA10-103C", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"}, {"name": "oval:org.mitre.oval:def:6940", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940"}, {"name": "39329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39329"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"}, {"name": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/", "refsource": "MISC", "url": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/"}, {"name": "http://www.youtube.com/watch?v=9EVHtY1-0q8", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=9EVHtY1-0q8"}, {"name": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li", "refsource": "MISC", "url": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:14:06.842Z"}, "title": "CVE Program Container", "references": [{"name": "reader-customheap-code-execution(57589)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57589"}, {"name": "39227", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39227"}, {"name": "[dailydave] 20100401 0day, it may not be", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html"}, {"name": "ADV-2010-0873", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0873"}, {"name": "TA10-103C", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"}, {"name": "oval:org.mitre.oval:def:6940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940"}, {"name": "39329", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39329"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.youtube.com/watch?v=9EVHtY1-0q8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1241", "datePublished": "2010-04-05T15:15:00", "dateReserved": "2010-04-05T00:00:00", "dateUpdated": "2024-08-07T01:14:06.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "39F6994B-6969-485B-9286-2592B11A47BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC533775-B52E-43F0-BF19-1473BE36232D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "18D1C85E-42CC-46F2-A7B6-DAC3C3995330", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C4670451-511E-496C-A78A-887366E1E992", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A2A4F62-7AB5-4134-9A65-4B4E1EA262A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "35994F76-CD13-4301-9134-FC0CBEA37D97", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "562772F1-1627-438E-A6B8-7D1AA5536086", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F25C9167-C6D4-4264-9197-50878EDA2D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D7308-09E9-42B2-8836-DC2326C62A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5C251D2-4C9B-4029-8BED-0FCAED3B8E89", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2432AC17-5378-4C61-A775-5172FD44EC03", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6BA82F4-470D-4A46-89B2-D2F3C8FA31C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "39EDED39-664F-4B68-B422-2CCCA3B83550", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005."}, {"lang": "es", "value": "El desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el sistema de administraci\u00f3n de la pila personalizado en Reader y Acrobat versiones 9.x anteriores a 9.3.2, y versiones 8.x anteriores a 8.2.2 de Adobe en Windows y Mac OS X, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un documento PDF especialmente dise\u00f1ado, tambi\u00e9n se conoce como FG-VD-10-005."}], "id": "CVE-2010-1241", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-04-05T15:30:01.343", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"}, {"source": "cve@mitre.org", "url": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/39227"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/39329"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0873"}, {"source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=9EVHtY1-0q8"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57589"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=9EVHtY1-0q8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6940"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0349", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "acroread-0:9.3.2-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-04-14T00:00:00Z"}, {"advisory": "RHSA-2010:0349", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "acroread-0:9.3.2-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-04-14T00:00:00Z"}], "bugzilla": {"description": "Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)", "id": "579213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579213"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005."], "name": "CVE-2010-1241", "public_date": "2010-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1241\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1241"], "threat_severity": "Critical"}

{}