CVE-2010-3654

EXPLOITED IN THE WILD

Adobe Flash Player

Title source: metasploit

Description

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Abysssec · textremotewindows

https://www.exploit-db.com/exploits/17187

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16667

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Unknown, Haifei Li, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb

View Code ZIP pw:eip

References (37)

[Various Sources] http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1

[Exploit] http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

[Mailing List] http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html

[Vendor Advisory] http://secunia.com/advisories/41917

[Vendor Advisory] http://support.apple.com/kb/HT4435

[Vendor Advisory] http://www.adobe.com/support/security/advisories/apsa10-05.html

[Various Sources] http://www.adobe.com/support/security/bulletins/apsb10-26.html

[Various Sources] http://www.adobe.com/support/security/bulletins/apsb10-28.html

[US Government Resource] http://www.kb.cert.org/vuls/id/298081

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2010-0829.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2010-0834.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2010-0867.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2010-0934.html

[Various Sources] http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/44504

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201101-08.xml

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201101-09.xml

... and 17 more

Scores

EPSS 0.9356

EPSS Percentile 99.8%

Details

VulnCheck KEV 2010-10-29

InTheWild.io 2017-09-19

CWE

CWE-119

Status published

Products (50)

adobe/acrobat 9.0

adobe/acrobat 9.1

adobe/acrobat 9.1.1

adobe/acrobat 9.1.2

adobe/acrobat 9.1.3

adobe/acrobat 9.2

adobe/acrobat 9.3

adobe/acrobat 9.3.1

adobe/acrobat 9.3.2

adobe/acrobat 9.3.3

... and 40 more

Published Oct 29, 2010

Tracked Since Feb 18, 2026