Zero-day vulnerability in Adobe Reader

Integer overflow
CVE-2010-2862

The vulnerability was presented by the researcher Charlie Miller at the Black Hat USA 2010 security conference on July, 25 in Las Vegas.

Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on  2009-03-05.

Known malware:

Exploit: Boodhound.Exploit.353

Vulnerability details

Advisory: SB2010080701 - Two vulnerabilities in Adobe Reader and Acrobat

Vulnerable component: Adobe Reader

CVE-ID: CVE-2010-2862

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in CoolType.dll when processing TrueType fonts with a large maxCompositePoints value in a Maximum Profile (maxp) table within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.


Public Exploits:

External links:

http://www.adobe.com/support/security/bulletins/apsb10-17.html
https://threatpost.com/demo-cve-2010-2862-adobe-reader-flaw-exploit-090210/74418/
http://www.zdnet.com/article/adobe-confirms-pdf-security-hole-in-reader/
https://www.suse.com/fr-fr/security/cve/CVE-2010-2862
https://www.cnet.com/forums/discussions/out-of-band-security-updates-for-adobe-reader-and-acrobat-40...
http://news.softpedia.com/news/Out-of-Band-Critical-Security-Updates-for-Reader-and-Acrobat-Released...
http://www.itprofessionalservices.net/ARPatch1017.shtml
http://securitygarden.blogspot.com/2010/08/adobe-reader-and-acrobat-critical.html
ttp://www.zdnet.com/article/adobe-readies-emergency-fix-for-critical-pdf-reader-security-hole/
https://www.youtube.com/watch?v=4OL8Kwz5b6Y
http://blog.shavlik.com/new-adobe-security-advisory-released/
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-033-eng.aspx
http://beqiraj.de/post/Adobe-Reader-and-Acrobat-8-2-4-update-available
http://www.planetpdf.com/enterprise/article.asp?ContentID=Adobe_releases_patch_for_Reader_and_Acroba...
http://www.bleepingcomputer.com/forums/t/340741/adobe-reader-out-of-band-security-updates-on-august-...
http://www.itproportal.com/2010/08/06/adobe-prepares-patch-zero-day-pdf-flaw/
http://www.theregister.co.uk/2010/08/05/emergency_adobe_reader_patch/
http://www.pcworld.com/article/203692/patch_critical_security_flaws_in_adobe_reader_and_acrobat.html
https://community.landesk.com/docs/DOC-14222
http://windowssecrets.com/forums/showthread.php/131549-Patch-Watch-update-Critical-Adobe-Reader-patc...
http://www.divinge.com/news/Adobe-readies-emergency-fix-for-critical-PDF-Reader-security-hole/
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.