The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Adobe
  • Acrobat
  • Acrobat Reader
Apple
  • Mac Os X
Microsoft
  • Windows
Redhat
  • Rhel Extras

Configuration 1 [-]

AND
OR cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
acroread-0:9.4.1-1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0934 2010-12-01T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
acroread-0:9.4.1-1.el6 cpe:/a:redhat:rhel_extras:6 RHSA-2010:0934 2010-12-01T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
acroread-0:9.4.1-1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0934 2010-12-01T00:00:00Z
References
Link Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html cve-icon cve-icon
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html cve-icon cve-icon
http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html cve-icon cve-icon
http://osvdb.org/69005 cve-icon cve-icon
http://secunia.com/advisories/42095 cve-icon cve-icon
http://secunia.com/advisories/42401 cve-icon cve-icon
http://secunia.com/advisories/43025 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201101-08.xml cve-icon cve-icon
http://www.adobe.com/support/security/bulletins/apsb10-28.html cve-icon cve-icon
http://www.adobe.com/support/security/bulletins/apsb11-03.html cve-icon cve-icon
http://www.exploit-db.com/exploits/15419 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0934.html cve-icon cve-icon
http://www.securityfocus.com/bid/44638 cve-icon cve-icon
http://www.securitytracker.com/id?1024684 cve-icon cve-icon
http://www.securitytracker.com/id?1025033 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2890 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3111 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0191 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0337 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/62996 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-4091 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-4091 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2010-11-07T21:00:00

Updated: 2024-08-07T03:34:37.763Z

Reserved: 2010-10-25T00:00:00

Link: CVE-2010-4091

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-11-07T22:00:03.410

Modified: 2024-11-21T01:20:13.397

Link: CVE-2010-4091

cve-icon Redhat

Severity : Critical

Publid Date: 2010-11-04T00:00:00Z

Links: CVE-2010-4091 - Bugzilla