CVE-2010-1297

HIGH KEV

Adobe Flash Player

Title source: metasploit

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Exploits (6)

exploitdb TROJAN VERIFIED
by anonymous · text · remote · multiple
https://www.exploit-db.com/exploits/13787
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16614
metasploit WORKING POC NORMAL
by Unknown, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16687
exploitdb WORKING POC VERIFIED
by Abysssec · python · remote · windows
https://www.exploit-db.com/exploits/14853
metasploit WORKING POC NORMAL
by Unknown, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb

References (44)

... and 24 more

Scores

CVSS v3 7.8
EPSS 0.9299
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-06-08
VulnCheck KEV 2010-06-08
InTheWild.io 2017-09-19
ENISA EUVD EUVD-2010-1326

Classification

CWE
CWE-787
Status draft

Affected Products (7)

adobe/air < 2.0.2.12610
adobe/flash_player < 9.0.277.0
adobe/acrobat < 8.2.3
opensuse/opensuse < 11.2
suse/linux_enterprise
suse/linux_enterprise
suse/linux_enterprise

Timeline

Published Jun 08, 2010
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026