CVE-2010-2206: Buffer Overflow
First published: Wed Jun 30 2010(Updated: )
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =9.1.1 | |
| Adobe Acrobat Reader | =9.1.2 | |
| Adobe Acrobat Reader | =9.1.3 | |
| Adobe Acrobat Reader | =9.2 | |
| Adobe Acrobat Reader | =9.3 | |
| Adobe Acrobat Reader | =9.3.1 | |
| Adobe Acrobat Reader | =9.3.2 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader Notification Manager | =9.0 | |
| Adobe Acrobat Reader Notification Manager | =9.1 | |
| Adobe Acrobat Reader Notification Manager | =9.1.1 | |
| Adobe Acrobat Reader Notification Manager | =9.1.2 | |
| Adobe Acrobat Reader Notification Manager | =9.1.3 | |
| Adobe Acrobat Reader Notification Manager | =9.2 | |
| Adobe Acrobat Reader Notification Manager | =9.3 | |
| Adobe Acrobat Reader Notification Manager | =9.3.1 | |
| Adobe Acrobat Reader Notification Manager | =9.3.2 | |
| Adobe Acrobat Reader | =8.0 | |
| Adobe Acrobat Reader | =8.1 | |
| Adobe Acrobat Reader | =8.1.1 | |
| Adobe Acrobat Reader | =8.1.2 | |
| Adobe Acrobat Reader | =8.1.3 | |
| Adobe Acrobat Reader | =8.1.4 | |
| Adobe Acrobat Reader | =8.1.5 | |
| Adobe Acrobat Reader | =8.1.6 | |
| Adobe Acrobat Reader | =8.1.7 | |
| Adobe Acrobat Reader | =8.2 | |
| Adobe Acrobat Reader | =8.2.1 | |
| Adobe Acrobat Reader | =8.2.2 | |
| Adobe Acrobat Reader Notification Manager | =8.0 | |
| Adobe Acrobat Reader Notification Manager | =8.1 | |
| Adobe Acrobat Reader Notification Manager | =8.1.1 | |
| Adobe Acrobat Reader Notification Manager | =8.1.2 | |
| Adobe Acrobat Reader Notification Manager | =8.1.4 | |
| Adobe Acrobat Reader Notification Manager | =8.1.5 | |
| Adobe Acrobat Reader Notification Manager | =8.1.6 | |
| Adobe Acrobat Reader Notification Manager | =8.1.7 | |
| Adobe Acrobat Reader Notification Manager | =8.2.1 | |
| Adobe Acrobat Reader Notification Manager | =8.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.adobe.com/support/security/bulletins/apsb10-15.html
- http://secunia.com/secunia_research/2010-88/
- http://www.securityfocus.com/bid/41241
- http://www.vupen.com/english/advisories/2010/1636
- http://www.securitytracker.com/id?1024159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200
- http://www.securityfocus.com/archive/1/512092/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-2206?
The severity of CVE-2010-2206 is considered critical due to its potential for remote code execution.
How do I fix CVE-2010-2206?
To fix CVE-2010-2206, update Adobe Reader and Acrobat to version 9.3.3 or later, or 8.2.3 or later.
What type of vulnerability is CVE-2010-2206?
CVE-2010-2206 is a heap-based buffer overflow vulnerability.
Which applications are affected by CVE-2010-2206?
CVE-2010-2206 affects Adobe Reader and Acrobat version 9.x before 9.3.3 and 8.x before 8.2.3.
Can CVE-2010-2206 be exploited remotely?
Yes, CVE-2010-2206 can be exploited remotely through a specially crafted GIF image embedded in a PDF.
- collector/nvd-historical
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/9.0
- version/adobe acrobat reader/9.1
- version/adobe acrobat reader/9.1.1
- version/adobe acrobat reader/9.1.2
- version/adobe acrobat reader/9.1.3
- version/adobe acrobat reader/9.2
- version/adobe acrobat reader/9.3
- version/adobe acrobat reader/9.3.1
- version/adobe acrobat reader/9.3.2
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/9.0
- version/adobe acrobat reader notification manager/9.1
- version/adobe acrobat reader notification manager/9.1.1
- version/adobe acrobat reader notification manager/9.1.2
- version/adobe acrobat reader notification manager/9.1.3
- version/adobe acrobat reader notification manager/9.2
- version/adobe acrobat reader notification manager/9.3
- version/adobe acrobat reader notification manager/9.3.1
- version/adobe acrobat reader notification manager/9.3.2
- version/adobe acrobat reader/8.0
- version/adobe acrobat reader/8.1
- version/adobe acrobat reader/8.1.1
- version/adobe acrobat reader/8.1.2
- version/adobe acrobat reader/8.1.3
- version/adobe acrobat reader/8.1.4
- version/adobe acrobat reader/8.1.5
- version/adobe acrobat reader/8.1.6
- version/adobe acrobat reader/8.1.7
- version/adobe acrobat reader/8.2
- version/adobe acrobat reader/8.2.1
- version/adobe acrobat reader/8.2.2
- version/adobe acrobat reader notification manager/8.0
- version/adobe acrobat reader notification manager/8.1
- version/adobe acrobat reader notification manager/8.1.1
- version/adobe acrobat reader notification manager/8.1.2
- version/adobe acrobat reader notification manager/8.1.4
- version/adobe acrobat reader notification manager/8.1.5
- version/adobe acrobat reader notification manager/8.1.6
- version/adobe acrobat reader notification manager/8.1.7
- version/adobe acrobat reader notification manager/8.2.1
- version/adobe acrobat reader notification manager/8.2.2