CVE-2010-2862 (GCVE-0-2010-2862)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40766"
},
{
"name": "TA10-231A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"name": "oval:org.mitre.oval:def:11693",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "40766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40766"
},
{
"name": "TA10-231A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"name": "oval:org.mitre.oval:def:11693",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40766"
},
{
"name": "TA10-231A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
"refsource": "MISC",
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"name": "oval:org.mitre.oval:def:11693",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2862",
"datePublished": "2010-08-05T18:00:00",
"dateReserved": "2010-07-27T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2862\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-08-05T18:17:58.087\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en CoolType.dll de Adobe Reader v8.2.3 y v9.3.3, y Acrobat v9.3.3, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de fuentes TrueType con un valor maxCompositePoints grande en una tabla Maximum Profile (maxp).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32D68D5-6A79-454B-B14F-9BC865413E3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2EEB6-D5EC-430F-962A-1279C9970441\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"
criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB9BBDE-634A-47CF-BA49-67382B547900\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/40766\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityevaluators.com/files/papers/CrashAnalysis.pdf\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-231A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/40766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityevaluators.com/files/papers/CrashAnalysis.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-231A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2010_0636
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes a vulnerability in Adobe Reader. This vulnerability is\ndetailed on the Adobe security page APSB10-17, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-2862)\n\nMultiple security flaws were found in Adobe Flash Player embedded in Adobe\nReader. These vulnerabilities are detailed on the Adobe security page\nAPSB10-16, listed in the References section. A PDF file with embedded\nspecially-crafted SWF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,\nCVE-2010-2216)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0636",
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-17.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
},
{
"category": "external",
"summary": "621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "624838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0636.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:49:47+00:00",
"generator": {
"date": "2024-11-14T10:49:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0636",
"initial_release_date": "2010-08-20T11:40:00+00:00",
"revision_history": [
{
"date": "2010-08-20T11:40:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-20T08:09:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:49:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-0:9.3.4-1.el4.i386",
"product_id": "acroread-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-0:9.3.4-1.el5.i386",
"product_id": "acroread-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0209",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0209"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2213",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2213"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2214",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2214"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2215",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"click-jacking\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2215"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2216",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2216"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2216",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2862",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2010-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "621687"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: integer overflow flaw allows remote arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2862"
},
{
"category": "external",
"summary": "RHBZ#621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
}
],
"release_date": "2010-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: integer overflow flaw allows remote arbitrary code execution"
}
]
}
rhsa-2010:0636
Vulnerability from csaf_redhat
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes a vulnerability in Adobe Reader. This vulnerability is\ndetailed on the Adobe security page APSB10-17, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-2862)\n\nMultiple security flaws were found in Adobe Flash Player embedded in Adobe\nReader. These vulnerabilities are detailed on the Adobe security page\nAPSB10-16, listed in the References section. A PDF file with embedded\nspecially-crafted SWF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,\nCVE-2010-2216)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0636",
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-17.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
},
{
"category": "external",
"summary": "621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "624838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0636.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-08T03:27:23+00:00",
"generator": {
"date": "2025-11-08T03:27:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0636",
"initial_release_date": "2010-08-20T11:40:00+00:00",
"revision_history": [
{
"date": "2010-08-20T11:40:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-20T08:09:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:27:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-0:9.3.4-1.el4.i386",
"product_id": "acroread-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-0:9.3.4-1.el5.i386",
"product_id": "acroread-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0209",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0209"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2213",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2213"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2214",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2214"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2215",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"click-jacking\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2215"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2216",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2216"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2216",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2862",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2010-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "621687"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: integer overflow flaw allows remote arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2862"
},
{
"category": "external",
"summary": "RHBZ#621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
}
],
"release_date": "2010-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: integer overflow flaw allows remote arbitrary code execution"
}
]
}
RHSA-2010:0636
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes a vulnerability in Adobe Reader. This vulnerability is\ndetailed on the Adobe security page APSB10-17, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-2862)\n\nMultiple security flaws were found in Adobe Flash Player embedded in Adobe\nReader. These vulnerabilities are detailed on the Adobe security page\nAPSB10-16, listed in the References section. A PDF file with an embedded\nspecially-crafted SWF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,\nCVE-2010-2216)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0636",
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-16.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-17.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
},
{
"category": "external",
"summary": "621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "624838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0636.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-08T03:27:23+00:00",
"generator": {
"date": "2025-11-08T03:27:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0636",
"initial_release_date": "2010-08-20T11:40:00+00:00",
"revision_history": [
{
"date": "2010-08-20T11:40:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-20T08:09:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:27:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el4.i386",
"product": {
"name": "acroread-0:9.3.4-1.el4.i386",
"product_id": "acroread-0:9.3.4-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_id": "acroread-plugin-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3.4-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3.4-1.el5.i386",
"product": {
"name": "acroread-0:9.3.4-1.el5.i386",
"product_id": "acroread-0:9.3.4-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3.4-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3.4-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0209",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0209"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0209"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2213",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2213"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2213"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2214",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2214"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2214"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2215",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"click-jacking\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2215"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2215"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2216",
"discovery_date": "2010-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "622947"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: multiple security flaws (APSB10-16)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2216"
},
{
"category": "external",
"summary": "RHBZ#622947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2216",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2216"
}
],
"release_date": "2010-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: multiple security flaws (APSB10-16)"
},
{
"cve": "CVE-2010-2862",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2010-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "621687"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: integer overflow flaw allows remote arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2862"
},
{
"category": "external",
"summary": "RHBZ#621687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
}
],
"release_date": "2010-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-20T11:40:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0636"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3.4-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3.4-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-0:9.3.4-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-0:9.3.4-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3.4-1.el4.i386",
"5Client-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3.4-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3.4-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: integer overflow flaw allows remote arbitrary code execution"
}
]
}
ghsa-ghwm-gwr7-m4m2
Vulnerability from github
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
{
"affected": [],
"aliases": [
"CVE-2010-2862"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-05T18:17:00Z",
"severity": "HIGH"
},
"details": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"id": "GHSA-ghwm-gwr7-m4m2",
"modified": "2025-04-11T03:37:56Z",
"published": "2022-05-17T01:04:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2862"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40766"
},
{
"type": "WEB",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"type": "WEB",
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTA-2010-ALE-012
Vulnerability from certfr_alerte
Mise à jour : l'éditeur a publié un correctif le 19 août 2010.
Une vulnérabilité affecte Adobe Reader et Adobe Acrobat. Elle permet l'exécution de code arbitraire à distance.
Description
Une vulnérabilité dans le module de traitement des polices de caractères d'Adobe Reader et d'Adobe Acrobat permet l'exécution de code arbitraire à distance.
Contournement provisoire
L'éditeur annonce un correctif pour le 19 août 2010.
En attendant, le CERTA recommande d'utiliser des logiciels alternatifs à jour.
Pour mémoire, plusieurs bonnes pratiques peuvent aider à protéger les utilisateurs :
- s'assurer que les greffons de navigateur permettant d'ouvrir les fichiers PDF n'utilisent pas les logiciels faisant l'objet de cette alerte ;
- désactiver l'interprétation du JavaScript ;
- utiliser un compte avec des droits limités ;
- convertir les fichiers suspects au format Postscript puis de nouveau au format PDF sur une machine sas ;
- n'ouvrir que des fichiers provenant de sources vérifiées et sûres.
Ces mesures ne sont pas des garanties de protection contre cette vulnérabilité mais peuvent en limiter les impacts.
Solution
La version 9.3.4 d'Adobe Reader et Acrobat, ainsi que la version 8.2.4 d'Adobe Reader remédient à cette vulnérabilité.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Systèmes affectés : Adobe Reader et Adobe Acrobat, versions 9.3.3 et antérieures, pour toutes les plateformes.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eAdobe Reader et Adobe Acrobat, versions 9.3.3 et ant\u00e9rieures, pour toutes les plateformes.\u003c/p\u003e",
"closed_at": "2010-08-20",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le module de traitement des polices de caract\u00e8res\nd\u0027Adobe Reader et d\u0027Adobe Acrobat permet l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Contournement provisoire\n\nL\u0027\u00e9diteur annonce un correctif pour le 19 ao\u00fbt 2010.\n\nEn attendant, le CERTA recommande d\u0027utiliser des logiciels alternatifs \u00e0\njour.\n\n \n \n\nPour m\u00e9moire, plusieurs bonnes pratiques peuvent aider \u00e0 prot\u00e9ger les\nutilisateurs :\n\n- s\u0027assurer que les greffons de navigateur permettant d\u0027ouvrir les\n fichiers PDF n\u0027utilisent pas les logiciels faisant l\u0027objet de cette\n alerte ;\n- d\u00e9sactiver l\u0027interpr\u00e9tation du JavaScript ;\n- utiliser un compte avec des droits limit\u00e9s ;\n- de convertir les fichiers suspects au format Postscript puis de\n nouveau au format PDF sur une machine sas ;\n- de n\u0027ouvrir que des fichiers provenant de sources v\u00e9rifi\u00e9es et\n s\u00fbres.\n\nCes mesures ne sont pas des garanties de protection contre cette\nvuln\u00e9rabilit\u00e9 mais peuvent en limiter les impacts.\n\n## Solution\n\nLa version 9.3.4 d\u0027Adobe Reader et Acrobat, ainsi que la version 8.2.4\nd\u0027Adobe Reader rem\u00e9dient \u00e0 cette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
}
],
"initial_release_date": "2010-08-06T00:00:00",
"last_revision_date": "2010-08-20T00:00:00",
"links": [
{
"title": "Avis CERTA-2010-AVI-394 du 20 ao\u00fbt 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-394/"
}
],
"reference": "CERTA-2010-ALE-012",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-08-06T00:00:00.000000"
},
{
"description": "publication du correctif.",
"revision_date": "2010-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Mise \u00e0 jour : l\u0027\u00e9diteur a publi\u00e9 un correctif le 19 ao\u00fbt 2010.\n\nUne vuln\u00e9rabilit\u00e9 affecte Adobe Reader et Adobe Acrobat. Elle permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Adobe Reader et Adobe Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-17 du 19 ao\u00fbt 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
}
]
}
CERTA-2010-AVI-394
Vulnerability from certfr_avis
Une vulnérabilité affecte Adobe Reader et Adobe Acrobat. Elle permet l'exécution de code arbitraire à distance.
Description
Une vulnérabilité dans le module de traitement des polices de caractères d'Adobe Reader et d'Adobe Acrobat permet l'exécution de code arbitraire à distance.
Solution
La version 9.3.4 d'Adobe Reader et Acrobat, ainsi que la version 8.2.4 d'Adobe Reader remédient à cette vulnérabilité.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Systèmes affectés : Adobe Reader et Adobe Acrobat, versions 9.3.3 et antérieures, pour toutes les plateformes.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eAdobe Reader et Adobe Acrobat, versions 9.3.3 et ant\u00e9rieures, pour toutes les plateformes.\u003c/p\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le module de traitement des polices de caract\u00e8res\nd\u0027Adobe Reader et d\u0027Adobe Acrobat permet l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Solution\n\nLa version 9.3.4 d\u0027Adobe Reader et Acrobat, ainsi que la version 8.2.4\nd\u0027Adobe Reader rem\u00e9dient \u00e0 cette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2862"
}
],
"initial_release_date": "2010-08-20T00:00:00",
"last_revision_date": "2010-08-20T00:00:00",
"links": [
{
"title": "Alerte CERTA-2010-ALE-012 du 20 ao\u00fbt 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-012/"
}
],
"reference": "CERTA-2010-AVI-394",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 affecte Adobe Reader et Adobe Acrobat. Elle permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Adobe Acrobat et Reader",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-17 du 19 ao\u00fbt 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-17.html"
}
]
}
gsd-2010-2862
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2010-2862",
"description": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"id": "GSD-2010-2862",
"references": [
"https://www.suse.com/security/cve/CVE-2010-2862.html",
"https://access.redhat.com/errata/RHSA-2010:0636"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-2862"
],
"details": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.",
"id": "GSD-2010-2862",
"modified": "2023-12-13T01:21:30.933391Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40766"
},
{
"name": "TA10-231A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
"refsource": "MISC",
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"name": "oval:org.mitre.oval:def:11693",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2862"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40766",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40766"
},
{
"name": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/",
"refsource": "MISC",
"tags": [],
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource": "MISC",
"tags": [],
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"name": "TA10-231A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"name": "oval:org.mitre.oval:def:11693",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-19T01:31Z",
"publishedDate": "2010-08-05T18:17Z"
}
}
}
fkie_cve-2010-2862
Vulnerability from fkie_nvd
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | http://secunia.com/advisories/40766 | Vendor Advisory |
| psirt@adobe.com | http://securityevaluators.com/files/papers/CrashAnalysis.pdf | |
| psirt@adobe.com | http://www.us-cert.gov/cas/techalerts/TA10-231A.html | US Government Resource |
| psirt@adobe.com | http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/ | |
| psirt@adobe.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693 | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40766 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityevaluators.com/files/papers/CrashAnalysis.pdf | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-231A.html | US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/ | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693 | |
| Vendor | Product | Version |
|---|---|---|
| adobe | acrobat_reader | 8.2.3 |
| adobe | acrobat_reader | 9.3.3 |
| adobe | acrobat | 9.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E32D68D5-6A79-454B-B14F-9BC865413E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2EEB6-D5EC-430F-962A-1279C9970441",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB9BBDE-634A-47CF-BA49-67382B547900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."
},
{
"lang": "es",
"value": "Desbordamiento de entero en CoolType.dll de Adobe Reader v8.2.3 y v9.3.3, y Acrobat v9.3.3, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de fuentes TrueType con un valor maxCompositePoints grande en una tabla Maximum Profile (maxp)."
}
],
"id": "CVE-2010-2862",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-05T18:17:58.087",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40766"
},
{
"source": "psirt@adobe.com",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"source": "psirt@adobe.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"source": "psirt@adobe.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11693"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.