Sid 1-52483

Message

FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt

Summary

This event is generated when a file is detected that contains an attempt to exploit the TTF SING table parsing remote code execution vulnerability in Adobe Acrobat Reader and Acrobat.

Impact

Attempted User Privilege Gain

CVE-2010-2883:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-2883: Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Affected systems

  • adobe acrobat 8.0.0
  • adobe acrobat 8.1
  • adobe acrobat 8.1.1
  • adobe acrobat 8.1.2
  • adobe acrobat 8.1.3
  • adobe acrobat 8.1.4
  • adobe acrobat 8.1.5
  • adobe acrobat 8.1.6
  • adobe acrobat 8.1.7
  • adobe acrobat 8.2
  • adobe acrobat 8.2.1
  • adobe acrobat 8.2.2
  • adobe acrobat 8.2.4
  • adobe acrobat 9.0
  • adobe acrobat 9.1
  • adobe acrobat 9.1.1
  • adobe acrobat 9.1.2
  • adobe acrobat 9.1.3
  • adobe acrobat 9.2
  • adobe acrobat 9.3
  • adobe acrobat 9.3.1
  • adobe acrobat 9.3.2
  • adobe acrobat 9.3.3
  • adobe acrobat 9.3.4
  • adobe acrobat_reader 8.0
  • adobe acrobat_reader 8.1
  • adobe acrobat_reader 8.1.1
  • adobe acrobat_reader 8.1.2
  • adobe acrobat_reader 8.1.4
  • adobe acrobat_reader 8.1.5
  • adobe acrobat_reader 8.1.6
  • adobe acrobat_reader 8.1.7
  • adobe acrobat_reader 8.2.1
  • adobe acrobat_reader 8.2.2
  • adobe acrobat_reader 8.2.3
  • adobe acrobat_reader 8.2.4
  • adobe acrobat_reader 9.0
  • adobe acrobat_reader 9.1
  • adobe acrobat_reader 9.1.1
  • adobe acrobat_reader 9.1.2
  • adobe acrobat_reader 9.1.3
  • adobe acrobat_reader 9.2
  • adobe acrobat_reader 9.3
  • adobe acrobat_reader 9.3.1
  • adobe acrobat_reader 9.3.2
  • adobe acrobat_reader 9.3.3
  • adobe acrobat_reader 9.3.4

Ease of attack

CVE-2010-2883:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • www.adobe.com/support/security/advisories/apsa10-02.html