Mallory
High | CISA KEV | Exploited in the wild | Public exploit

Adobe Reader and Acrobat LibTIFF vulnerability

Identifiers: CVE-2010-0188, CWE-119

CVE-2010-0188 is an unspecified vulnerability in Adobe Reader and Acrobat affecting 8.x before 8.2.1 and 9.x before 9.3.1. The provided content and historical exploit-kit references consistently associate this issue with PDF-based exploitation and label it as a "PDF LibTIFF" vulnerability, indicating the flaw was triggered through malicious PDF content involving Adobe's handling of LibTIFF-related data. Adobe's public description in the provided data states that successful exploitation could cause an application crash and could possibly allow arbitrary code execution. The vulnerability was widely weaponized in exploit kits including Blackhole, Nuclear, Sakura, Styx, Fiesta, White Lotus, HiMan, Impact, CritXPack, Sweet Orange, Redkit, Grandsoft, and others, demonstrating reliable remote exploitation against vulnerable Reader/Acrobat installations.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can crash Adobe Reader or Acrobat, causing a denial of service. The available vendor description also states that arbitrary code execution may be possible. In practical terms, the supporting content shows the vulnerability was repeatedly used by exploit kits to deliver malware payloads, including banking malware and ransomware, so impact for a successfully exploited target can include execution of attacker-supplied code in the context of the user opening or rendering the malicious PDF, followed by malware installation and initial access.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by disabling or restricting Adobe Reader/Acrobat use on untrusted PDFs, blocking PDF delivery from untrusted web sources and email where feasible, and using browser, email, and web-content filtering to prevent delivery of exploit-kit PDFs. Additional mitigations include application allowlisting, endpoint protections that block exploit behavior or child-process/payload execution from PDF readers, and isolating PDF rendering in sandboxed or virtualized environments. Because this vulnerability was heavily exploited through drive-by exploit kits, limiting access to untrusted websites and disabling vulnerable legacy plugin/browser integrations also reduces risk.

Remediation

Patch, then assume compromise.

Upgrade Adobe Reader and Acrobat to fixed versions. The provided content identifies affected versions as Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1, so remediation is to update 8.x deployments to 8.2.1 or later and 9.x deployments to 9.3.1 or later. Standard remediation should also include removing unsupported legacy Reader/Acrobat versions from the environment and validating that PDF-handling endpoints are fully patched.
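
One way to validate patch status against the version ranges stated above, as an added example (not Mallory's or Adobe's code). The CSV column names and host names are assumptions, and branches other than 8.x and 9.x are flagged for manual review because this page gives no range for them.

```python
import csv
import io

# Fixed releases per affected branch, as stated in the remediation text above.
FIXED = {8: (8, 2, 1), 9: (9, 3, 1)}

def parse_version(text):
    """Turn '9.3', '9.3.0' or '9.3.0.148' into a 3-tuple; None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    # Pad short versions so '8.2' compares as 8.2.0, i.e. below 8.2.1.
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Return 'affected', 'fixed', 'unlisted-branch' or 'unparsed'."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Only 8.x and 9.x ranges are given on the page; review others by hand.
        return "unlisted-branch"
    return "affected" if version < fixed else "fixed"

def triage(inventory_csv):
    """Map each (host, product) row of a CSV inventory to a classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {(r["host"], r["product"]): classify(r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not data from the page).
SAMPLE = """host,product,version
ws-001,Adobe Reader,9.3.0
ws-002,Adobe Reader,9.3.1
ws-003,Adobe Acrobat,8.2
ws-004,Adobe Reader,8.2.1.3
ws-005,Adobe Reader,7.0.9
ws-006,Adobe Acrobat,unknown
"""

if __name__ == "__main__":
    for (host, product), status in triage(SAMPLE).items():
        print(f"{host:8} {product:14} {status}")
```

Rows reported as `unparsed` or `unlisted-branch` should be treated as unverified rather than safe, since the check cannot place them relative to a fixed release.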
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

Valid: 0 / 1 total

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

| Vendor | Product | Type |
|--------|---------|------|
| Adobe | Acrobat | application |
| Adobe | Acrobat Reader | application |

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

What this page doesn’t show

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence (1)

Every observed campaign linking this CVE to a named adversary.

Associated malware (6)

Malware families riding this exploit, with evidence and IOCs.

Detection signatures (1)

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.