NVD Vulnerability Detail

CVE-2010-4091

Summary	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Publication Date	Nov. 8, 2010, 7 a.m.
Registration Date	Jan. 29, 2021, 11:07 a.m.
Last Update	Nov. 21, 2024, 10:20 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat:8.0:::::::*
cpe:2.3:a:adobe:acrobat:8.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat:8.1.3:::::::*
cpe:2.3:a:adobe:acrobat:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat:8.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat:9.0:::::::*
cpe:2.3:a:adobe:acrobat:9.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat:9.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4:::::::*
cpe:2.3:a:adobe:acrobat:10.0:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html	Exploit
2	http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html	Exploit
3	http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
4	http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
5	http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
6	http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
7	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
8	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
9	http://osvdb.org/69005
10	http://osvdb.org/69005
11	http://secunia.com/advisories/42095	Vendor Advisory
12	http://secunia.com/advisories/42095	Vendor Advisory
13	http://secunia.com/advisories/42401	Vendor Advisory
14	http://secunia.com/advisories/42401	Vendor Advisory
15	http://secunia.com/advisories/43025	Vendor Advisory
16	http://secunia.com/advisories/43025	Vendor Advisory
17	http://security.gentoo.org/glsa/glsa-201101-08.xml
18	http://security.gentoo.org/glsa/glsa-201101-08.xml
19	http://www.adobe.com/support/security/bulletins/apsb10-28.html	Patch Vendor Advisory
20	http://www.adobe.com/support/security/bulletins/apsb10-28.html	Patch Vendor Advisory
21	http://www.adobe.com/support/security/bulletins/apsb11-03.html
22	http://www.adobe.com/support/security/bulletins/apsb11-03.html
23	http://www.exploit-db.com/exploits/15419	Exploit
24	http://www.exploit-db.com/exploits/15419	Exploit
25	http://www.redhat.com/support/errata/RHSA-2010-0934.html
26	http://www.redhat.com/support/errata/RHSA-2010-0934.html
27	http://www.securityfocus.com/bid/44638
28	http://www.securityfocus.com/bid/44638
29	http://www.securitytracker.com/id?1024684
30	http://www.securitytracker.com/id?1024684
31	http://www.securitytracker.com/id?1025033
32	http://www.securitytracker.com/id?1025033
33	http://www.vupen.com/english/advisories/2010/2890	Vendor Advisory
34	http://www.vupen.com/english/advisories/2010/2890	Vendor Advisory
35	http://www.vupen.com/english/advisories/2010/3111	Vendor Advisory
36	http://www.vupen.com/english/advisories/2010/3111	Vendor Advisory
37	http://www.vupen.com/english/advisories/2011/0191	Vendor Advisory
38	http://www.vupen.com/english/advisories/2011/0191	Vendor Advisory
39	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
40	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
41	https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/62996
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527
44	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Adobe Reader および Acrobat の EScript.api プラグインにおける任意のコードを実行される脆弱性

Title	Adobe Reader および Acrobat の EScript.api プラグインにおける任意のコードを実行される脆弱性
Summary	Adobe Reader および Acrobat の EScript.api プラグインには、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された PDF ドキュメントを介して、メモリの破損を誘発され、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 7, 2010, midnight
Registration Date	Dec. 9, 2010, 2:54 p.m.
Last Update	Feb. 23, 2011, 3:22 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

Red Hat Enterprise Linux Server Supplementary 6

Red Hat Enterprise Linux Workstation Supplementary 6

RHEL Desktop Supplementary 5 (client)

RHEL Desktop Supplementary 6

RHEL Supplementary 5 (server)

アドビシステムズ

Adobe Acrobat 9.4 およびそれ以前 for Windows and Macintosh

Adobe Acrobat X (10.0) およびそれ以前 for Windows and Macintosh

Adobe Reader 9.4 およびそれ以前 for Windows, Macintosh and UNIX

Adobe Reader 9.4.1 およびそれ以前 for Windows, Macintosh and UNIX

Adobe Reader X (10.0) for Windows and Macintosh

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4091	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
National Vulnerability Database (NVD)
2	CVE-2010-4091	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4091

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB10-28	http://www.adobe.com/support/security/bulletins/apsb10-28.html
2	APSB11-03	http://www.adobe.com/support/security/bulletins/apsb11-03.html
Adobe セキュリティ情報
3	APSB10-28	http://www.adobe.com/jp/support/security/bulletins/apsb10-28.html
4	cpsid_88012	http://kb2.adobe.com/jp/cps/880/cpsid_88012.html
5	cpsid_89065	http://kb2.adobe.com/jp/cps/890/cpsid_89065.html
Red Hat Security Advisory
6	RHSA-2010:0934	https://rhn.redhat.com/errata/RHSA-2010-0934.html

その他

No	Name	URL
ISS X-Force Database
1	62996	http://xforce.iss.net/xforce/xfdb/62996
JPCERT 緊急報告
2	JPCERT-AT-2010-0031	http://www.jpcert.or.jp/at/2010/at100031.txt
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
3	690005	http://osvdb.org/69005
Secunia Advisory
4	SA42095	http://secunia.com/advisories/42095
SecurityFocus
5	44638	http://www.securityfocus.com/bid/44638
6	44838	http://www.securityfocus.com/bid/44838
VUPEN Security
7	VUPEN/ADV-2010-2890	http://www.vupen.com/english/advisories/2010/2890
警察庁 @police
8	アドビシステムズ社の Adobe Reader および Adobe Acrobat のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2010年12月09日] 掲載 [2011年02月23日] 影響を受けるシステム：アドビシステムズ (APSB11-03) の情報を追加影響を受けるシステム：アドビシステムズ (cpsid_89065) の情報を追加ベンダ情報：アドビシステムズ (APSB11-03) を追加ベンダ情報：アドビシステムズ (cpsid_89065) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat:8.0:::::::*
cpe:2.3:a:adobe:acrobat:8.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat:8.1.3:::::::*
cpe:2.3:a:adobe:acrobat:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat:8.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat:9.0:::::::*
cpe:2.3:a:adobe:acrobat:9.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat:9.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4:::::::*
cpe:2.3:a:adobe:acrobat:10.0:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::