CVE-2010-2206 | Vulnerability Database | Aqua Security

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Acrobat	Adobe	9.0 (including)	9.0 (including)
Acrobat	Adobe	9.1 (including)	9.1 (including)
Acrobat	Adobe	9.1.1 (including)	9.1.1 (including)
Acrobat	Adobe	9.1.2 (including)	9.1.2 (including)
Acrobat	Adobe	9.1.3 (including)	9.1.3 (including)
Acrobat	Adobe	9.2 (including)	9.2 (including)
Acrobat	Adobe	9.3 (including)	9.3 (including)
Acrobat	Adobe	9.3.1 (including)	9.3.1 (including)
Acrobat	Adobe	9.3.2 (including)	9.3.2 (including)
Extras for RHEL 4	RedHat	acroread-0:9.3.3-2.el4	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	acroread-0:9.3.3-1.el5	*
Acroread	Ubuntu	dapper	*
Acroread	Ubuntu	hardy	*
Acroread	Ubuntu	jaunty	*
Acroread	Ubuntu	karmic	*
Acroread	Ubuntu	lucid	*
Acroread	Ubuntu	upstream	*

References

http://secunia.com/secunia_research/2010-88/
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://www.securityfocus.com/archive/1/512092/100/0/threaded
http://www.securityfocus.com/bid/41241
http://www.securitytracker.com/id?1024159
http://www.vupen.com/english/advisories/2010/1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200
http://secunia.com/secunia_research/2010-88/
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://www.securityfocus.com/archive/1/512092/100/0/threaded
http://www.securityfocus.com/bid/41241
http://www.securitytracker.com/id?1024159
http://www.vupen.com/english/advisories/2010/1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2206
CWE	https://cwe.mitre.org/data/definitions/189.html