SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2010-1297

Date: (C)2010-06-08 (M)2024-02-22

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1024057

SECTRACK-1024058

SECTRACK-1024085

SECTRACK-1024086

EXPLOIT-DB-13787

APPLE-SA-2010-11-10-1

SUSE-SA:2010:024

SUSE-SR:2010:013

adobe-authplay-code-execution(59137)

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/

http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/advisories/apsa10-01.html

http://www.adobe.com/support/security/bulletins/apsb10-14.html

http://www.adobe.com/support/security/bulletins/apsb10-15.html

oval:org.mitre.oval:def:7116

cpe:/a:adobe:flash_player:9.0.125.0
cpe:/a:adobe:flash_player:10.0.15.3
cpe:/a:adobe:flash_player:9.0.45.0
cpe:/a:adobe:flash_player:9.0.20.0
...

oval:org.secpod.oval:def:4729
oval:org.secpod.oval:def:4727
oval:org.secpod.oval:def:18628
oval:org.secpod.oval:def:400031
...

© SecPod Technologies