CVE-2010-1297
In short
Older versions of Adobe Flash Player and Reader had a flaw where specially crafted Flash files could crash the program or let attackers run malicious code on your computer.
Technical detail
CWE-787 (out-of-bounds write) in Adobe Flash Player <9.0.277.0 and 10.x <10.1.53.64, Adobe AIR <2.0.2.12610, and Adobe Reader/Acrobat 8.x/9.x, related to authplay.dll and the AVM2 newfunction instruction. A remote attack via crafted SWF files results in memory corruption, arbitrary code execution, or denial of service; exploited in the wild in June 2010.
Summary generated and translated by AI from the official description.
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 5
cve_reference · www.exploit-db.com/exploits/13787 · unverified
exploitdb · www.exploit-db.com/exploits/13787 · unverified
exploitdb · www.exploit-db.com/exploits/16614 · unverified
exploitdb · www.exploit-db.com/exploits/16687 · unverified
exploitdb · www.exploit-db.com/exploits/14853 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/40026
http://secunia.com/advisories/40034
http://secunia.com/advisories/40144
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml