CVE-2010-1297

Published: Jun 8, 2010Modified: Apr 21, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Affected (9)

Products: Adobe: Air, Flash Player, Acrobat · Opensuse: Opensuse · Suse: Linux Enterprise

3 products

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Adobe Air	Before 2.0.2.12610
Adobe Flash Player	Before 9.0.277.0
Adobe Flash Player	From 10.0 to 10.1.53.64

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Acrobat	From 8.0 to 8.2.3
Adobe Acrobat	From 9.0 to 9.3.3

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	From 11.0 to 11.2
Suse Linux Enterprise	Version 10.0 sp3
Suse Linux Enterprise	Version 11.0
Suse Linux Enterprise	Version 11.0 sp1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (87)

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/

Source: psirt@adobe.com

Exploit

http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx

Source: psirt@adobe.com

Broken Link

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

Source: psirt@adobe.com

Broken Link

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/40026

Source: psirt@adobe.com

Broken LinkVendor Advisory

http://secunia.com/advisories/40034

Source: psirt@adobe.com

Broken LinkVendor Advisory

http://secunia.com/advisories/40144

Source: psirt@adobe.com

Broken Link

http://secunia.com/advisories/40545

Source: psirt@adobe.com

Broken Link

http://secunia.com/advisories/43026

Source: psirt@adobe.com

Broken Link

http://security.gentoo.org/glsa/glsa-201101-09.xml

Source: psirt@adobe.com

Third Party Advisory

http://securitytracker.com/id?1024057

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024058

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024085

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024086

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://support.apple.com/kb/HT4435

Source: psirt@adobe.com

Broken Link

http://www.adobe.com/support/security/advisories/apsa10-01.html

Source: psirt@adobe.com

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb10-14.html

Source: psirt@adobe.com

Not Applicable

http://www.adobe.com/support/security/bulletins/apsb10-15.html

Source: psirt@adobe.com

Not Applicable

http://www.exploit-db.com/exploits/13787

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/486225

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

http://www.osvdb.org/65141

Source: psirt@adobe.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0464.html

Source: psirt@adobe.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0470.html

Source: psirt@adobe.com

Broken Link

http://www.securityfocus.com/bid/40586

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/40759

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

Source: psirt@adobe.com

Broken Link

http://www.us-cert.gov/cas/techalerts/TA10-159A.html

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

http://www.us-cert.gov/cas/techalerts/TA10-162A.html

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2010/1348

Source: psirt@adobe.com

Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2010/1349

Source: psirt@adobe.com

Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2010/1421

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1432

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1434

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1453

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1482

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1522

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1636

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1793

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2011/0192

Source: psirt@adobe.com

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/59137

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116

Source: psirt@adobe.com

Broken Link

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/