CVE-2010-1297

high

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

References

http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/

http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/40026

http://secunia.com/advisories/40034

http://secunia.com/advisories/40144

http://secunia.com/advisories/40545

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://securitytracker.com/id?1024057

http://securitytracker.com/id?1024058

http://securitytracker.com/id?1024085

http://securitytracker.com/id?1024086

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/advisories/apsa10-01.html

http://www.adobe.com/support/security/bulletins/apsb10-14.html

http://www.adobe.com/support/security/bulletins/apsb10-15.html

http://www.exploit-db.com/exploits/13787

http://www.kb.cert.org/vuls/id/486225

http://www.osvdb.org/65141

http://www.redhat.com/support/errata/RHSA-2010-0464.html

http://www.redhat.com/support/errata/RHSA-2010-0470.html

http://www.securityfocus.com/bid/40586

http://www.securityfocus.com/bid/40759

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

http://www.us-cert.gov/cas/techalerts/TA10-159A.html

http://www.us-cert.gov/cas/techalerts/TA10-162A.html

http://www.vupen.com/english/advisories/2010/1348

http://www.vupen.com/english/advisories/2010/1349

http://www.vupen.com/english/advisories/2010/1421

http://www.vupen.com/english/advisories/2010/1432

http://www.vupen.com/english/advisories/2010/1434

http://www.vupen.com/english/advisories/2010/1453

http://www.vupen.com/english/advisories/2010/1482

http://www.vupen.com/english/advisories/2010/1522

http://www.vupen.com/english/advisories/2010/1636

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2011/0192

https://exchange.xforce.ibmcloud.com/vulnerabilities/59137

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116

Details

Source: MITRE

Published: 2010-06-08

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 9.0.262.0 (inclusive)

Configuration 2

OR

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.0.45.2 (inclusive)

Configuration 3

OR

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* versions up to 9.3.2 (inclusive)

Configuration 4

OR

cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.3.2 (inclusive)

Tenable Plugins

View all (27 total)

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 63936 | RHEL 3 / 4 : flash-plugin (RHSA-2010:0470) | Nessus | Red Hat Local Security Checks | high |
| 63935 | RHEL 5 : flash-plugin (RHSA-2010:0464) | Nessus | Red Hat Local Security Checks | high |
| 51736 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071) | Nessus | SuSE Local Security Checks | high |
| 51713 | SuSE 10 Security Update : acroread (ZYPP Patch Number 7086) | Nessus | SuSE Local Security Checks | high |
| 51701 | SuSE 10 Security Update : acroread (ZYPP Patch Number 7087) | Nessus | SuSE Local Security Checks | high |
| 51658 | GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 50901 | SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541) | Nessus | SuSE Local Security Checks | high |
| 50886 | SuSE 11 / 11.1 Security Update : acroread (SAT Patch Numbers 2637 / 2641) | Nessus | SuSE Local Security Checks | high |
| 50882 | SuSE 11 / 11.1 Security Update : acroread (SAT Patch Numbers 2639 / 2640) | Nessus | SuSE Local Security Checks | high |
| 800791 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5705 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 50549 | Mac OS X Multiple Vulnerabilities (Security Update 2010-007) | Nessus | MacOS X Local Security Checks | high |
| 50548 | Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 49126 | GLSA-201009-05 : Adobe Reader: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 47869 | RHEL 4 / 5 : acroread (RHSA-2010:0503) | Nessus | Red Hat Local Security Checks | high |
| 47694 | openSUSE Security Update : acroread (openSUSE-SU-2010:0359-1) | Nessus | SuSE Local Security Checks | high |
| 47692 | openSUSE Security Update : acroread (openSUSE-SU-2010:0359-1) | Nessus | SuSE Local Security Checks | high |
| 47690 | openSUSE Security Update : acroread (openSUSE-SU-2010:0359-1) | Nessus | SuSE Local Security Checks | high |
| 47165 | Adobe Reader < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15) | Nessus | Windows | high |
| 47164 | Adobe Acrobat < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15) | Nessus | Windows | high |
| 47025 | FreeBSD : linux-flashplugin -- multiple vulnerabilities (144e524a-77eb-11df-ae06-001b2134ef46) | Nessus | FreeBSD Local Security Checks | high |
| 46881 | openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1) | Nessus | SuSE Local Security Checks | high |
| 46880 | openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1) | Nessus | SuSE Local Security Checks | high |
| 46879 | openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1) | Nessus | SuSE Local Security Checks | high |
| 5569 | Flash Player < 10.1.53.64 / 9.0.277.0 Multiple Vulnerabilities (APSB10-14) | Nessus Network Monitor | Web Clients | medium |
| 46859 | Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (ASPB10-14) | Nessus | Windows | high |
| 46858 | Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14) | Nessus | Windows | high |