Executive Summary

Informations
NameCVE-2010-1297First vendor Publication2010-06-08
VendorCveLast vendor Modification2012-11-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7116
 
Oval ID: oval:org.mitre.oval:def:7116
Title: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1297
Version: 27
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Flash Player
Adobe Reader
Adobe Acrobat
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application9
Application9
Application30

SAINT Exploits

DescriptionLink
Adobe Reader authplay.dll newfunction Memory CorruptionMore info here

ExploitDB Exploits

idDescription
2010-09-25Adobe Flash Player "newfunction" Invalid Pointer Use
2010-09-20Adobe Flash Player "newfunction" Invalid Pointer Use
2010-09-01MOAUB #1 - Adobe Acrobat Reader and Flash Player
2010-06-09Adobe Flash and Reader - 0day Exploit PoC (from the wild)

OpenVAS Exploits

DateDescription
2011-09-07Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201009-05 (acroread)
File : nvt/glsa_201009_05.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash)
File : nvt/glsa_201101_09.nasl
2010-07-12Name : SuSE Update for acroread SUSE-SA:2010:029
File : nvt/gb_suse_2010_029.nasl
2010-07-06Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin8.nasl
2010-06-23Name : SuSE Update for flash-player SUSE-SA:2010:024
File : nvt/gb_suse_2010_024.nasl
2010-06-22Name : Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)
File : nvt/secpod_adobe_prdts_mult_vuln_jun10_lin.nasl
2010-06-22Name : Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Win)
File : nvt/secpod_adobe_prdts_mult_vuln_jun10_win.nasl
2010-06-15Name : Adobe Products Remote Code Execution Vulnerability - jun10 (Linux)
File : nvt/gb_adobe_prdts_code_exec_vuln_lin_jun10.nasl
2010-06-15Name : Adobe Products Remote Code Execution Vulnerability - jun10 (Win)
File : nvt/gb_adobe_prdts_code_exec_vuln_win_jun10.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
65141Adobe Multiple Products SWF Handling Arbitrary Code Execution

Snort® IPS/IDS

DateDescription
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 28676 - Revision : 1 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 28675 - Revision : 1 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 28674 - Revision : 1 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 28673 - Revision : 1 - Type : FILE-FLASH
2014-01-10Teletubbies exploit kit payload download
RuleID : 27886 - Revision : 1 - Type : EXPLOIT-KIT
2014-01-10Teletubbies exploit kit exploit attempt for Adobe Flash Player
RuleID : 27881 - Revision : 1 - Type : EXPLOIT-KIT
2014-01-10Adobe Flash Player newfunction memory corruption exploit attempt
RuleID : 23592 - Revision : 5 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 23591 - Revision : 5 - Type : FILE-FLASH
2014-01-10Adobe Flash use-after-free attack attempt
RuleID : 23579 - Revision : 4 - Type : FILE-FLASH
2014-01-10Adobe flash player newfunction memory corruption attempt
RuleID : 23512 - Revision : 3 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader authplay.dll vulnerability exploit attempt
RuleID : 23511 - Revision : 5 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader File containing Flash use-after-free attack attempt
RuleID : 23510 - Revision : 5 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader malformed Richmedia annotation exploit attempt
RuleID : 23509 - Revision : 3 - Type : FILE-PDF
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 23265 - Revision : 6 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 23264 - Revision : 5 - Type : FILE-FLASH
2014-01-10Adobe flash player newfunction memory corruption attempt
RuleID : 23263 - Revision : 4 - Type : FILE-PDF
2014-01-10Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Phoenix exploit kit landing page
RuleID : 21640 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Adobe Flash Player newfunction memory corruption exploit attempt
RuleID : 19408 - Revision : 7 - Type : FILE-FLASH
2014-01-10Adobe Flash Player newfunction memory corruption attempt
RuleID : 19145 - Revision : 8 - Type : FILE-FLASH
2014-01-10Adobe Acrobat Reader authplay.dll vulnerability exploit attempt
RuleID : 16664 - Revision : 7 - Type : FILE-PDF
2014-01-10Adobe Flash use-after-free attack attempt
RuleID : 16634 - Revision : 11 - Type : FILE-FLASH
2014-01-10Adobe Acrobat Reader File containing Flash use-after-free attack attempt
RuleID : 16633 - Revision : 14 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader malformed Richmedia annotation exploit attempt
RuleID : 16545 - Revision : 16 - Type : FILE-PDF

Metasploit Database

idDescription
2010-06-04 Adobe Flash Player "newfunction" Invalid Pointer Use
2010-06-04 Adobe Flash Player "newfunction" Invalid Pointer Use

Nessus® Vulnerability Scanner

DateDescription
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0464.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0470.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7087.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-7086.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7071.nasl - Type : ACT_GATHER_INFO
2011-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-100702.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-100702.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-100611.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-09-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-07-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0503.nasl - Type : ACT_GATHER_INFO
2010-07-09Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-100708.nasl - Type : ACT_GATHER_INFO
2010-07-09Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-100706.nasl - Type : ACT_GATHER_INFO
2010-07-09Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-100708.nasl - Type : ACT_GATHER_INFO
2010-06-30Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb10-15.nasl - Type : ACT_GATHER_INFO
2010-06-30Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb10-15.nasl - Type : ACT_GATHER_INFO
2010-06-16Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_144e524a77eb11dfae06001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-06-14Name : The remote openSUSE host is missing a security update.
File : suse_11_1_flash-player-100611.nasl - Type : ACT_GATHER_INFO
2010-06-14Name : The remote openSUSE host is missing a security update.
File : suse_11_0_flash-player-100611.nasl - Type : ACT_GATHER_INFO
2010-06-14Name : The remote openSUSE host is missing a security update.
File : suse_11_2_flash-player-100611.nasl - Type : ACT_GATHER_INFO
2010-06-10Name : The remote Windows host contains a version of Adobe AIR that is affected by m...
File : adobe_air_apsb10-14.nasl - Type : ACT_GATHER_INFO
2010-06-10Name : The remote Windows host contains a browser plug-in that is affected by a code...
File : flash_player_apsb10-14.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BIDhttp://www.securityfocus.com/bid/40586
http://www.securityfocus.com/bid/40759
CERThttp://www.us-cert.gov/cas/techalerts/TA10-159A.html
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
CERT-VNhttp://www.kb.cert.org/vuls/id/486225
CONFIRMhttp://support.apple.com/kb/HT4435
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
EXPLOIT-DBhttp://www.exploit-db.com/exploits/13787
GENTOOhttp://security.gentoo.org/glsa/glsa-201101-09.xml
HPhttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
MISChttp://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-f...
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fu...
OSVDBhttp://www.osvdb.org/65141
REDHAThttp://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
SECTRACKhttp://securitytracker.com/id?1024057
http://securitytracker.com/id?1024058
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
SECUNIAhttp://secunia.com/advisories/40026
http://secunia.com/advisories/40034
http://secunia.com/advisories/40144
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TURBOhttp://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
VUPENhttp://www.vupen.com/english/advisories/2010/1348
http://www.vupen.com/english/advisories/2010/1349
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1636
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
XFhttp://xforce.iss.net/xforce/xfdb/59137

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2014-02-17 10:54:42
  • Multiple Updates
2014-01-19 21:26:46
  • Multiple Updates
2013-05-10 23:21:56
  • Multiple Updates
2012-11-07 05:19:28
  • Multiple Updates