CVE - CVE-2010-1297

CVE-ID
CVE-2010-1297	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:13787 URL:http://www.exploit-db.com/exploits/13787 MISC:http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ MISC:http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx CONFIRM:http://www.adobe.com/support/security/advisories/apsa10-01.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb10-14.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb10-15.html CONFIRM:http://support.apple.com/kb/HT4435 APPLE:APPLE-SA-2010-11-10-1 URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html GENTOO:GLSA-201101-09 URL:http://security.gentoo.org/glsa/glsa-201101-09.xml HP:HPSBMA02547 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 HP:SSRT100179 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 REDHAT:RHSA-2010:0464 URL:http://www.redhat.com/support/errata/RHSA-2010-0464.html REDHAT:RHSA-2010:0470 URL:http://www.redhat.com/support/errata/RHSA-2010-0470.html SUSE:SUSE-SA:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html SUSE:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html TURBO:TLSA-2010-19 URL:http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt CERT:TA10-162A URL:http://www.us-cert.gov/cas/techalerts/TA10-162A.html CERT:TA10-159A URL:http://www.us-cert.gov/cas/techalerts/TA10-159A.html CERT-VN:VU#486225 URL:http://www.kb.cert.org/vuls/id/486225 BID:40586 URL:http://www.securityfocus.com/bid/40586 BID:40759 URL:http://www.securityfocus.com/bid/40759 OSVDB:65141 URL:http://www.osvdb.org/65141 OVAL:oval:org.mitre.oval:def:7116 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 SECTRACK:1024057 URL:http://securitytracker.com/id?1024057 SECTRACK:1024058 URL:http://securitytracker.com/id?1024058 SECTRACK:1024085 URL:http://securitytracker.com/id?1024085 SECTRACK:1024086 URL:http://securitytracker.com/id?1024086 SECUNIA:40026 URL:http://secunia.com/advisories/40026 SECUNIA:40034 URL:http://secunia.com/advisories/40034 SECUNIA:40144 URL:http://secunia.com/advisories/40144 SECUNIA:40545 URL:http://secunia.com/advisories/40545 SECUNIA:43026 URL:http://secunia.com/advisories/43026 VUPEN:ADV-2010-1348 URL:http://www.vupen.com/english/advisories/2010/1348 VUPEN:ADV-2010-1349 URL:http://www.vupen.com/english/advisories/2010/1349 VUPEN:ADV-2010-1453 URL:http://www.vupen.com/english/advisories/2010/1453 VUPEN:ADV-2010-1421 URL:http://www.vupen.com/english/advisories/2010/1421 VUPEN:ADV-2010-1432 URL:http://www.vupen.com/english/advisories/2010/1432 VUPEN:ADV-2010-1434 URL:http://www.vupen.com/english/advisories/2010/1434 VUPEN:ADV-2010-1482 URL:http://www.vupen.com/english/advisories/2010/1482 VUPEN:ADV-2010-1522 URL:http://www.vupen.com/english/advisories/2010/1522 VUPEN:ADV-2010-1793 URL:http://www.vupen.com/english/advisories/2010/1793 VUPEN:ADV-2011-0192 URL:http://www.vupen.com/english/advisories/2011/0192 VUPEN:ADV-2010-1636 URL:http://www.vupen.com/english/advisories/2010/1636 XF:adobe-authplay-code-execution(59137) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/59137
Assigning CNA
N/A
Date Entry Created
20100406	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100406)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org