CVE-2010-1297

Severity

93%

Complexity

86%

Confidentiality

165%

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2010-06-08 18:30:00

Last updated 7 years ago

2017-09-19 01:30:00

Affected Software

アドビシステムズ フラッシュプレーヤー 9.0.16

9.0.16

Adobe Flash Player 9.0.18d60

9.0.18d60

Adobe Flash Player 9.0.20

9.0.20

アドビシステムズ フラッシュプレーヤー プラグイン9.0.20.0

9.0.20.0

アドビシステムズ フラッシュプレーヤー 9.0.28

9.0.28

アドビシステムズ フラッシュプレーヤー 9.0.28.0

9.0.28.0

Adobe Flash Player 9.0.31

9.0.31

Adobe Flash Player 9.0.31.0

9.0.31.0

アドビシステムズ フラッシュプレーヤー 9.0.45.0

9.0.45.0

Adobe Flash Player 9.0.47.0

9.0.47.0

アドビシステムズ フラッシュプレーヤー 9.0.48.0

9.0.48.0

Adobe Flash Player 9.0.112.0

9.0.112.0

アドビシステムズ フラッシュプレーヤー 9.0.114.0

9.0.114.0

Adobe Flash Player 9.0.115.0

9.0.115.0

Adobe Flash Player 9.0.124.0

9.0.124.0

Adobe Flash Player 9.0.125.0

9.0.125.0

Adobe Flash Player 9.0.151.0

9.0.151.0

Adobe Flash Player 9.0.152.0

9.0.152.0

Adobe Flash Player 9.0.159.0

9.0.159.0

Adobe Flash Player 9.0.246.0

9.0.246.0

Adobe Flash Player 9.0.260.0

9.0.260.0

アドビシステムズ フラッシュプレーヤー

Adobe Flash Player 10.0.0.584

10.0.0.584

Adobe Flash Player 10.0.12.10

10.0.12.10

Adobe Flash Player 10.0.12.36

10.0.12.36

Adobe Flash Player 10.0.15.3

10.0.15.3

Adobe Flash Player 10.0.22.87

10.0.22.87

Adobe Flash Player 10.0.32.18

10.0.32.18

Adobe Flash Player 10.0.42.34

10.0.42.34

Adobe Acrobat 9.0

9.0

Adobe Acrobat 9.1

9.1

Adobe Acrobat 9.1.1

9.1.1

アドビシステムズ アクロバット 9.1.2

9.1.2

アドビシステムズ アクロバット 9.1.3

9.1.3

Adobe Acrobat 9.2

9.2

Adobe Acrobat 9.3

9.3

Adobe Acrobat 9.3.1

9.3.1

アドビシステムズ アクロバット

Adobe Acrobat Reader 9.0

9.0

Adobe Acrobat Reader 9.1

9.1

Adobe Acrobat Reader 9.1.1

9.1.1

Adobe Acrobat Reader 9.1.2

9.1.2

Adobe Acrobat Reader 9.1.3

9.1.3

Adobe Acrobat Reader 9.2

9.2

Adobe Acrobat Reader 9.3

9.3

Adobe Acrobat Reader 9.3.1

9.3.1

Adobe Acrobat Reader

References

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/

http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx

SSRT100179

APPLE-SA-2010-11-10-1

SUSE-SA:2010:024

SUSE-SR:2010:013

40026

Vendor Advisory

40034

Vendor Advisory

40144

40545

43026

GLSA-201101-09

1024057

1024058

1024085

1024086

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/advisories/apsa10-01.html

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb10-14.html

http://www.adobe.com/support/security/bulletins/apsb10-15.html

13787

VU#486225

US Government Resource

65141

RHSA-2010:0464

RHSA-2010:0470

40586

40759

TLSA-2010-19

TA10-159A

US Government Resource

TA10-162A

US Government Resource

ADV-2010-1348

Vendor Advisory

ADV-2010-1349

Vendor Advisory

ADV-2010-1421

ADV-2010-1432

ADV-2010-1434

ADV-2010-1453

ADV-2010-1482

ADV-2010-1522

ADV-2010-1636

ADV-2010-1793

ADV-2011-0192

adobe-authplay-code-execution(59137)

oval:org.mitre.oval:def:7116

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.