Trusted Design

• 重大度: Unknown
• 公開日: 2010-09-09
• 更新日: 2025-10-22

概要

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

このCVEに関連するMITRE ATT&CKテクニック

• T1492 - Stored Data Manipulation
• T1003.002 - Security Account Manager
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1652 - Device Driver Discovery
• T1591.003 - Identify Business Tempo
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1007 - System Service Discovery
• T1071 - Application Layer Protocol
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1602.002 - Network Device Configuration Dump
• T1181 - Extra Window Memory Injection
• T1145 - Private Keys
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1179 - Hooking
• T1042 - Change Default File Association
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1036.002 - Right-to-Left Override
• T1027.017 - SVG Smuggling
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1021.007 - Cloud Services
• T1497.002 - User Activity Based Checks
• T1071.002 - File Transfer Protocols
• T1218.001 - Compiled HTML File
• T1219.003 - Remote Access Hardware
• T1601 - Modify System Image
• T1110.004 - Credential Stuffing
• T1486 - Data Encrypted for Impact
• T1587.004 - Exploits
• T1137.004 - Outlook Home Page
• T1037.003 - Network Logon Script
• T1499 - Endpoint Denial of Service
• T1027.004 - Compile After Delivery
• T1065 - Uncommonly Used Port
• T1500 - Compile After Delivery
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1543.001 - Launch Agent
• T1059.003 - Windows Command Shell
• T1223 - Compiled HTML File
• T1159 - Launch Agent
• T1564.005 - Hidden File System
• T1046 - Network Service Discovery
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1596.005 - Scan Databases
• T1137.002 - Office Test
• T1173 - Dynamic Data Exchange

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る