CVE-2010-0188
CVE-2010-0188 is a high-severity vulnerability in Adobe Acrobat with a CVSS 3.x base score of 7.8. It is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming it has been exploited in the wild (added 2022-03-03).
Key facts
- Severity: High (CVSS 3.x base score 7.8)
- CVSS v2: 9.3
- EPSS exploit prediction: 88% (100th percentile)
- Actively exploited: Yes — listed in CISA KEV (added 2022-03-03)
- EU (EUVD) id: EUVD-2010-0219
- EU exploitation: Flagged exploited in the ENISA EU Vulnerability Database (since 2022-03-03)
- Affected product: Adobe Acrobat
- Published:
- Last modified:
Description
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Advisory: CVE-2010-0188 – Adobe Reader/Acrobat Unspecified Vulnerability
AI-generated analysis based on the vulnerability data on this page.
| Attribute | Value |
|---|---|
| CVE ID | CVE-2010-0188 |
| CVSS v2 | 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) |
| CVSS v3 | 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) |
| EPSS | 0.88246 (99.75th percentile) |
| KEV | Yes (added 2022-03-03) |
| CWE | Not specified |
| Vendor | Adobe |
Summary
Adobe Reader and Acrobat versions 8.x before 8.2.1 and 9.x before 9.3.1 contain an unspecified vulnerability. A remote attacker can exploit this flaw to cause a denial of service (application crash) or potentially achieve arbitrary code execution. The exact attack vector has not been publicly disclosed.
Background
Adobe Reader and Acrobat are widely deployed document-viewing and PDF-manipulation applications used in enterprise and consumer environments globally. In early 2010, Adobe released a security bulletin (APSB10-07) addressing multiple vulnerabilities in these products. CVE-2010-0188 is one of the issues remediated in that update. The widespread use of PDF viewers makes any vulnerability in this software class a high-value target for threat actors.
Root Cause
The specific root cause of this vulnerability is unspecified in available sources. The corresponding CWE identifier is not provided in the NVD record. Based on the advisory context, the flaw likely stems from improper handling of malformed PDF content or insufficient validation of document structures during parsing, but this cannot be confirmed from the disclosed data.
Impact
The CVSS v2 base score of 9.3 (Critical) reflects a network-accessible attack vector requiring no authentication and yielding complete compromise of confidentiality, integrity, and availability. The CVSS v3 score of 7.8 (High) refines this to a local attack context with low privileges required, still resulting in high impact across all three security pillars.
In practical terms, successful exploitation could allow an attacker to:
- Crash the application (denial of service)
- Execute arbitrary code within the context of the user running Adobe Reader or Acrobat
The EPSS score of 0.88246 (99.75th percentile) indicates an exceptionally high probability of exploitation in the wild, and the CISA Known Exploited Vulnerabilities (KEV) catalog confirms active exploitation as of 2022-03-03.
Exploitation Walkthrough
Ethics & Legal Notice: The following information is provided for defensive and awareness purposes only. Attempting to exploit systems without explicit authorization is illegal and unethical. Security practitioners should use this knowledge to improve detection and hardening, not to attack systems they do not own.
Because the exact vulnerability mechanism is undisclosed, a precise technical walkthrough is not available. However, historical patterns for Adobe Reader vulnerabilities of this era typically involve:
- Delivery: An attacker distributes a maliciously crafted PDF file via email, web download, or file share.
- Triggering: The victim opens the PDF in a vulnerable version of Adobe Reader or Acrobat.
- Execution: The malformed document triggers a memory corruption condition (e.g., buffer overflow, use-after-free, or integer overflow) during parsing, leading to arbitrary code execution.
Defensive teams should treat any unsolicited PDF with suspicion and ensure that document parsers run in sandboxed or isolated environments where possible.
Affected and Patched Versions
Affected:
- Adobe Acrobat 8.x before 8.2.1
- Adobe Acrobat 9.x before 9.3.1
- Adobe Reader 8.x before 8.2.1
- Adobe Reader 9.x before 9.3.1
Patched:
- Adobe Acrobat and Reader 8.2.1 and later
- Adobe Acrobat and Reader 9.3.1 and later
Remediation
- Upgrade immediately. Apply Adobe security update APSB10-07 to bring affected installations to version 8.2.1, 9.3.1, or later.
- Compensating controls. If patching is not immediately feasible:
- Disable JavaScript execution in Adobe Reader/Acrobat preferences (many historical exploits relied on JavaScript).
- Implement application whitelisting to prevent execution of unapproved binaries.
- Use Protected Mode (sandbox) features available in newer Adobe Reader versions.
- Consider using alternative PDF viewers for non-essential document handling.
Detection
- Monitor endpoint logs for unexpected Adobe Reader/Acrobat crashes followed by suspicious child process creation.
- Look for
AcroRd32.exeorAcrobat.exespawning command shells, PowerShell, or unusual network connections.
- Look for
- Inspect email gateways and web proxies for PDF attachments or downloads that match known malicious hashes associated with this CVE.
- Correlate endpoint detection alerts with the CISA KEV entry for CVE-2010-0188 to prioritize incident response.
Assessment
This vulnerability carries both a near-maximum CVSS v2 score and an extremely high EPSS probability, compounded by confirmed inclusion in the CISA KEV catalog. The combination of widespread software deployment and proven in-the-wild exploitation makes this a critical patching priority even for legacy environments. The absence of a disclosed CWE or detailed root cause underscores a broader lesson: when vendors release security updates without full technical details, defenders should patch proactively rather than wait for proof-of-concept disclosure.
Key lessons:
- Patch velocity matters. The gap between patch release (2010) and KEV catalog inclusion (2022) suggests long-tail exploitation of legacy endpoints; organizations must maintain visibility into outdated software.
- EPSS complements CVSS. A CVSS score tells you severity; an EPSS score tells you likelihood. Together, they provide a more actionable risk signal for vulnerability prioritization.
References
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38639
- http://secunia.com/advisories/38915
- http://securitytracker.com/id?1023601
- http://www.adobe.com/support/security/bulletins/apsb10-07.html
- http://www.redhat.com/support/errata/RHSA-2010-0114.html
- http://www.securityfocus.com/bid/38195
- http://www.vupen.com/english/advisories/2010/0399
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56297
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8697
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0188
Frequently asked questions
- What is CVE-2010-0188?
- Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
- How severe is CVE-2010-0188?
- CVE-2010-0188 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2010-0188 being actively exploited?
- Yes. CVE-2010-0188 is on CISA's Known Exploited Vulnerabilities (KEV) catalog, added on 2022-03-03, which means active exploitation has been confirmed. It should be prioritised for remediation.
- What products are affected by CVE-2010-0188?
- CVE-2010-0188 primarily affects Adobe Acrobat. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2010-0188?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Because this CVE is known to be actively exploited, treat remediation as urgent — CISA KEV typically sets a short remediation deadline.
- Does CVE-2010-0188 have an EU (EUVD) identifier?
- Yes. CVE-2010-0188 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2010-0219. It is also flagged as exploited in the EUVD (since 2022-03-03).
- When was CVE-2010-0188 published?
- CVE-2010-0188 was published on 2010-02-22 and last updated on 2026-06-16.
References
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38639
- http://secunia.com/advisories/38915
- http://securitytracker.com/id?1023601
- http://www.adobe.com/support/security/bulletins/apsb10-07.html
- http://www.redhat.com/support/errata/RHSA-2010-0114.html
- http://www.securityfocus.com/bid/38195
- http://www.vupen.com/english/advisories/2010/0399
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56297
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8697
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0188
Affected products (2)
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
More vulnerabilities in Adobe Acrobat
- CVE-2018-4872 — Critical (CVSS 10.0): An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier…
- CVE-2016-1044 — Critical (CVSS 10.0): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and…
- CVE-2016-1041 — Critical (CVSS 10.0): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and…
- CVE-2016-1038 — Critical (CVSS 10.0): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and…
- CVE-2015-7622 — Critical (CVSS 10.0): Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before…
- CVE-2015-6691 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and…