CVE-2010-0188
HIGH severity · CVSS 7.8 · actively exploited (CISA KEV)
7.8CVSS HIGH exploited ransomware
Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Known use in ransomware campaigns. Added to KEV 2022-03-03. US federal agencies must patch by 2022-03-24.
Summary
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)88%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/38639Advisory
- http://www.adobe.com/support/security/bulletins/apsb10-07.htmlAdvisory
- http://www.redhat.com/support/errata/RHSA-2010-0114.htmlAdvisory
- http://www.vupen.com/english/advisories/2010/0399Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlAdvisory
- http://secunia.com/advisories/38915
- http://securitytracker.com/id?1023601Advisory
- http://www.securityfocus.com/bid/38195Advisory