Description
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
CVSS breakdown
CVSS 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected products
- Adobe / acrobat 8.0 – 8.2.3
- Adobe / air 2.0.2.12610
- Adobe / Flash Player 9.0.277.0
- openSUSE / opensuse 11.0 – 11.2
- SUSE / linux_enterprise 10.0 – 10.0
- SUSE / linux_enterprise 11.0 – 11.0
References
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1636
- MISC: http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1349
- VENDOR_ADVISORY: http://www.adobe.com/support/security/bulletins/apsb10-15.html
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2011/0192
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1421
- VENDOR_ADVISORY: http://support.apple.com/kb/HT4435
- VENDOR_ADVISORY: http://secunia.com/advisories/40545
- MISC: http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
- MISC: http://www.redhat.com/support/errata/RHSA-2010-0464.html
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1793
- VENDOR_ADVISORY: http://secunia.com/advisories/43026
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1432
- MISC: http://security.gentoo.org/glsa/glsa-201101-09.xml
- MISC: http://www.us-cert.gov/cas/techalerts/TA10-162A.html
- VENDOR_ADVISORY: http://www.adobe.com/support/security/advisories/apsa10-01.html
- MISC: http://www.kb.cert.org/vuls/id/486225
- MAILING_LIST: http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- MISC: http://www.securityfocus.com/bid/40759
- MISC: http://securitytracker.com/id?1024085
- MAILING_LIST: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- MISC: http://securitytracker.com/id?1024057
- MISC: http://securitytracker.com/id?1024086
- VENDOR_ADVISORY: http://secunia.com/advisories/40034
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1434
- MISC: http://www.securityfocus.com/bid/40586
- MISC: http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
- MISC: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- MAILING_LIST: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
- MISC: http://securitytracker.com/id?1024058
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1348
- EXPLOIT: http://www.exploit-db.com/exploits/13787
- VENDOR_ADVISORY: http://www.adobe.com/support/security/bulletins/apsb10-14.html
- MISC: http://www.us-cert.gov/cas/techalerts/TA10-159A.html
- VENDOR_ADVISORY: http://secunia.com/advisories/40144
- MISC: http://www.redhat.com/support/errata/RHSA-2010-0470.html
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1482
- VENDOR_ADVISORY: http://secunia.com/advisories/40026
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/59137
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1522
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116
- MISC: http://www.osvdb.org/65141
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/1453