The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.41046.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Adobe Subscribe
Acrobat Subscribe
Acrobat Reader Subscribe
Apple Subscribe
Mac Os X Subscribe
Microsoft Subscribe
Windows Subscribe
Redhat Subscribe
Rhel Extras Subscribe

Configuration 1 [-]

AND
OR cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
acroread-0:9.4.1-1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0934 2010-12-01T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
acroread-0:9.4.1-1.el6 cpe:/a:redhat:rhel_extras:6 RHSA-2010:0934 2010-12-01T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
acroread-0:9.4.1-1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0934 2010-12-01T00:00:00Z

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html cve-icon cve-icon
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html cve-icon cve-icon
http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html cve-icon cve-icon
http://osvdb.org/69005 cve-icon cve-icon
http://secunia.com/advisories/42095 cve-icon cve-icon
http://secunia.com/advisories/42401 cve-icon cve-icon
http://secunia.com/advisories/43025 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201101-08.xml cve-icon cve-icon
http://www.adobe.com/support/security/bulletins/apsb10-28.html cve-icon cve-icon
http://www.adobe.com/support/security/bulletins/apsb11-03.html cve-icon cve-icon
http://www.exploit-db.com/exploits/15419 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0934.html cve-icon cve-icon
http://www.securityfocus.com/bid/44638 cve-icon cve-icon
http://www.securitytracker.com/id?1024684 cve-icon cve-icon
http://www.securitytracker.com/id?1025033 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2890 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3111 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0191 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0337 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/62996 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-4091 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-4091 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2024-08-07T03:34:37.763Z

Reserved: 2010-10-25T00:00:00

Link: CVE-2010-4091

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-11-07T22:00:03.410

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4091

cve-icon Redhat

Severity : Critical

Publid Date: 2010-11-04T00:00:00Z

Links: CVE-2010-4091 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses