CVE-2010-1297

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-1297
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ Exploit
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html Mailing List Third Party Advisory
http://secunia.com/advisories/40026 Broken Link Vendor Advisory
http://secunia.com/advisories/40034 Broken Link Vendor Advisory
http://secunia.com/advisories/40144 Broken Link
http://secunia.com/advisories/40545 Broken Link
http://secunia.com/advisories/43026 Broken Link
http://security.gentoo.org/glsa/glsa-201101-09.xml Third Party Advisory
http://securitytracker.com/id?1024057 Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1024058 Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1024085 Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1024086 Broken Link Third Party Advisory VDB Entry
http://support.apple.com/kb/HT4435 Broken Link
http://www.adobe.com/support/security/advisories/apsa10-01.html Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-14.html Not Applicable
http://www.adobe.com/support/security/bulletins/apsb10-15.html Not Applicable
http://www.exploit-db.com/exploits/13787 Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/486225 Third Party Advisory US Government Resource
http://www.osvdb.org/65141 Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0464.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0470.html Broken Link
http://www.securityfocus.com/bid/40586 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/40759 Broken Link Third Party Advisory VDB Entry
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-159A.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-162A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/1348 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1349 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1421 Broken Link
http://www.vupen.com/english/advisories/2010/1432 Broken Link
http://www.vupen.com/english/advisories/2010/1434 Broken Link
http://www.vupen.com/english/advisories/2010/1453 Broken Link
http://www.vupen.com/english/advisories/2010/1482 Broken Link
http://www.vupen.com/english/advisories/2010/1522 Broken Link
http://www.vupen.com/english/advisories/2010/1636 Broken Link
http://www.vupen.com/english/advisories/2010/1793 Broken Link
http://www.vupen.com/english/advisories/2011/0192 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/59137 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*
History

28 Jun 2024, 14:20

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-787
CPE cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*		 cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
References () http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ - () http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ - Exploit
References () http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx - () http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx - Broken Link
References () http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 - () http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 - Broken Link
References () http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html - () http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/40026 - Vendor Advisory () http://secunia.com/advisories/40026 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/40034 - Vendor Advisory () http://secunia.com/advisories/40034 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/40144 - () http://secunia.com/advisories/40144 - Broken Link
References () http://secunia.com/advisories/40545 - () http://secunia.com/advisories/40545 - Broken Link
References () http://secunia.com/advisories/43026 - () http://secunia.com/advisories/43026 - Broken Link
References () http://security.gentoo.org/glsa/glsa-201101-09.xml - () http://security.gentoo.org/glsa/glsa-201101-09.xml - Third Party Advisory
References () http://securitytracker.com/id?1024057 - () http://securitytracker.com/id?1024057 - Broken Link, Third Party Advisory, VDB Entry
References () http://securitytracker.com/id?1024058 - () http://securitytracker.com/id?1024058 - Broken Link, Third Party Advisory, VDB Entry
References () http://securitytracker.com/id?1024085 - () http://securitytracker.com/id?1024085 - Broken Link, Third Party Advisory, VDB Entry
References () http://securitytracker.com/id?1024086 - () http://securitytracker.com/id?1024086 - Broken Link, Third Party Advisory, VDB Entry
References () http://support.apple.com/kb/HT4435 - () http://support.apple.com/kb/HT4435 - Broken Link
References () http://www.adobe.com/support/security/bulletins/apsb10-14.html - () http://www.adobe.com/support/security/bulletins/apsb10-14.html - Not Applicable
References () http://www.adobe.com/support/security/bulletins/apsb10-15.html - () http://www.adobe.com/support/security/bulletins/apsb10-15.html - Not Applicable
References () http://www.exploit-db.com/exploits/13787 - () http://www.exploit-db.com/exploits/13787 - Third Party Advisory, VDB Entry
References () http://www.kb.cert.org/vuls/id/486225 - US Government Resource () http://www.kb.cert.org/vuls/id/486225 - Third Party Advisory, US Government Resource
References () http://www.osvdb.org/65141 - () http://www.osvdb.org/65141 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2010-0464.html - () http://www.redhat.com/support/errata/RHSA-2010-0464.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2010-0470.html - () http://www.redhat.com/support/errata/RHSA-2010-0470.html - Broken Link
References () http://www.securityfocus.com/bid/40586 - () http://www.securityfocus.com/bid/40586 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/40759 - () http://www.securityfocus.com/bid/40759 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt - () http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt - Broken Link
References () http://www.us-cert.gov/cas/techalerts/TA10-159A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-159A.html - Third Party Advisory, US Government Resource
References () http://www.us-cert.gov/cas/techalerts/TA10-162A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-162A.html - Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2010/1348 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1348 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1349 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1349 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1421 - () http://www.vupen.com/english/advisories/2010/1421 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1432 - () http://www.vupen.com/english/advisories/2010/1432 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1434 - () http://www.vupen.com/english/advisories/2010/1434 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1453 - () http://www.vupen.com/english/advisories/2010/1453 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1482 - () http://www.vupen.com/english/advisories/2010/1482 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1522 - () http://www.vupen.com/english/advisories/2010/1522 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1636 - () http://www.vupen.com/english/advisories/2010/1636 - Broken Link
References () http://www.vupen.com/english/advisories/2010/1793 - () http://www.vupen.com/english/advisories/2010/1793 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0192 - () http://www.vupen.com/english/advisories/2011/0192 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/59137 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/59137 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116 - Broken Link
CVSS v2 : 9.3
v3 : unknown 		v2 : 9.3
v3 : 7.8
First Time Microsoft
Apple
Suse
Opensuse opensuse
Apple mac Os X
Microsoft windows
Suse linux Enterprise
Adobe air
Opensuse
Information

Published : 2010-06-08 18:30

Updated : 2024-06-28 14:20

NVD link : CVE-2010-1297

Mitre link : CVE-2010-1297

CVE.ORG link : CVE-2010-1297

JSON object : View

Products Affected

microsoft

  • windows

suse

  • linux_enterprise

opensuse

  • opensuse

adobe

  • acrobat
  • air
  • flash_player

apple

  • mac_os_x
CWE
CWE-787

Out-of-bounds Write