CVE-2010-1297

Adobe Flash Player Memory Corruption Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar código a su elección a través de contenido SWF manipulado, se explota activamente desde Junio de 2010.

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-04-06 CVE Reserved
2010-06-08 CVE Published
2010-06-09 First Exploit
2022-06-08 Exploited in Wild
2022-06-22 KEV Due Date
2024-08-07 CVE Updated
2024-10-25 EPSS Updated

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (50)

URL	Tag	Source
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx	Broken Link
http://secunia.com/advisories/40144	Broken Link
http://secunia.com/advisories/40545	Broken Link
http://secunia.com/advisories/43026	Broken Link
http://securitytracker.com/id?1024057	Broken Link
http://securitytracker.com/id?1024058	Broken Link
http://securitytracker.com/id?1024085	Broken Link
http://securitytracker.com/id?1024086	Broken Link
http://support.apple.com/kb/HT4435	Broken Link
http://www.adobe.com/support/security/bulletins/apsb10-14.html	Not Applicable
http://www.adobe.com/support/security/bulletins/apsb10-15.html	Not Applicable
http://www.kb.cert.org/vuls/id/486225	Third Party Advisory
http://www.osvdb.org/65141	Broken Link
http://www.securityfocus.com/bid/40586	Broken Link
http://www.securityfocus.com/bid/40759	Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-159A.html	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-162A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1421	Broken Link
http://www.vupen.com/english/advisories/2010/1432	Broken Link
http://www.vupen.com/english/advisories/2010/1434	Broken Link
http://www.vupen.com/english/advisories/2010/1453	Broken Link
http://www.vupen.com/english/advisories/2010/1482	Broken Link
http://www.vupen.com/english/advisories/2010/1522	Broken Link
http://www.vupen.com/english/advisories/2010/1636	Broken Link
http://www.vupen.com/english/advisories/2010/1793	Broken Link
http://www.vupen.com/english/advisories/2011/0192	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/59137	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116	Broken Link
http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py

URL	Date	SRC
https://www.exploit-db.com/exploits/13787	2010-06-09
https://www.exploit-db.com/exploits/14853	2010-09-01
https://www.exploit-db.com/exploits/16614	2010-09-20
https://www.exploit-db.com/exploits/16687	2010-09-25
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash	2024-08-07
http://www.exploit-db.com/exploits/13787	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	2024-06-28
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	2024-06-28
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html	2024-06-28
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	2024-06-28
http://secunia.com/advisories/40026	2024-06-28
http://secunia.com/advisories/40034	2024-06-28
http://security.gentoo.org/glsa/glsa-201101-09.xml	2024-06-28
http://www.adobe.com/support/security/advisories/apsa10-01.html	2010-06-04
http://www.redhat.com/support/errata/RHSA-2010-0464.html	2024-06-28
http://www.redhat.com/support/errata/RHSA-2010-0470.html	2024-06-28
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt	2024-06-28
http://www.vupen.com/english/advisories/2010/1348	2024-06-28
http://www.vupen.com/english/advisories/2010/1349	2024-06-28
https://access.redhat.com/security/cve/CVE-2010-1297	2010-06-30
https://bugzilla.redhat.com/show_bug.cgi?id=600692	2010-06-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"	Acrobat Search vendor "Adobe" for product "Acrobat"	>= 8.0 < 8.2.3 Search vendor "Adobe" for product "Acrobat" and version " >= 8.0 < 8.2.3"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Acrobat Search vendor "Adobe" for product "Acrobat"	>= 8.0 < 8.2.3 Search vendor "Adobe" for product "Acrobat" and version " >= 8.0 < 8.2.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Acrobat Search vendor "Adobe" for product "Acrobat"	>= 9.0 < 9.3.3 Search vendor "Adobe" for product "Acrobat" and version " >= 9.0 < 9.3.3"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Acrobat Search vendor "Adobe" for product "Acrobat"	>= 9.0 < 9.3.3 Search vendor "Adobe" for product "Acrobat" and version " >= 9.0 < 9.3.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"		Air Search vendor "Adobe" for product "Air"				< 2.0.2.12610 Search vendor "Adobe" for product "Air" and version " < 2.0.2.12610"		-		Affected
Adobe Search vendor "Adobe"		Flash Player Search vendor "Adobe" for product "Flash Player"				< 9.0.277.0 Search vendor "Adobe" for product "Flash Player" and version " < 9.0.277.0"		-		Affected
Adobe Search vendor "Adobe"		Flash Player Search vendor "Adobe" for product "Flash Player"				>= 10.0 < 10.1.53.64 Search vendor "Adobe" for product "Flash Player" and version " >= 10.0 < 10.1.53.64"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				>= 11.0 <= 11.2 Search vendor "Opensuse" for product "Opensuse" and version " >= 11.0 <= 11.2"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				10.0 Search vendor "Suse" for product "Linux Enterprise" and version "10.0"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0"		sp1		Affected