CVE-2010-2862

Name of the Vulnerable Software and Affected Versions Adobe Reader versions 8.2.3 and 9.3.3 Adobe Acrobat version 9.3.3

Description The issue is related to an integer overflow in CoolType.dll, which allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table. This can be exploited by a remote attacker to gain control over the system.

Recommendations For Adobe Reader versions 8.2.3 and 9.3.3, update to a version that fixes the integer overflow issue in CoolType.dll. For Adobe Acrobat version 9.3.3, update to a version that fixes the integer overflow issue in CoolType.dll. As a temporary workaround, consider avoiding the use of TrueType fonts with large maxCompositePoints values in the Maximum Profile (maxp) table until a patch is available.