Adobe Reader CoolType.dll buffer overflow

Added: 09/17/2010
CVE: CVE-2010-2883
BID: 43057
OSVDB: 67849

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow in the CoolType.dll module allows command execution when a user opens a PDF document containing a long, specially crafted field in a SING table within a TrueType font.

Resolution

Apply the fix referenced in APSA10-02 when available.

References

http://secunia.com/advisories/41340

Limitations

Exploit works on Adobe Reader 9.3.4 and requires a user to open the exploit file.

The IO::Uncompress and Compress::Zlib PERL modules must be installed on the SAINTexploit host in order to run this exploit.

Platforms

Windows

Back to exploit index