
CVE-2010-1297

Published: 08/06/2010 Updated: 19/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 950
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 9.0.277.0 and 10.x prior to 10.1.53.64; Adobe AIR prior to 2.0.2.12610; and Adobe Reader and Acrobat 9.x prior to 9.3.3, and 8.x prior to 8.2.3 on Windows and Mac OS X, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Vulnerable Product

adobe flash player 9.0.125.0

adobe flash player 9.0.151.0

adobe flash player 9.0.246.0

adobe flash player 9.0.260.0

adobe flash player 9.0.28

adobe flash player

adobe flash player 9.0.152.0

adobe flash player 9.0.159.0

adobe flash player 9.0.28.0

adobe flash player 9.0.31

adobe flash player 9.0.115.0

adobe flash player 9.0.124.0

adobe flash player 9.0.20

adobe flash player 9.0.20.0

adobe flash player 9.0.47.0

adobe flash player 9.0.48.0

adobe flash player 9.0.112.0

adobe flash player 9.0.114.0

adobe flash player 9.0.16

adobe flash player 9.0.18d60

adobe flash player 9.0.31.0

adobe flash player 9.0.45.0

adobe flash player 10.0.42.34

adobe flash player 10.0.0.584

adobe flash player 10.0.12.10

adobe flash player 10.0.22.87

adobe flash player 10.0.32.18

adobe flash player 10.0.12.36

adobe flash player 10.0.15.3

adobe acrobat 9.1.1

adobe acrobat 9.1

adobe acrobat

adobe acrobat 9.0

adobe acrobat 9.2

adobe acrobat 9.1.3

adobe acrobat 9.1.2

adobe acrobat 9.3.1

adobe acrobat 9.3

adobe acrobat reader 9.1.3

adobe acrobat reader 9.1.2

adobe acrobat reader 9.1.1

adobe acrobat reader 9.1

adobe acrobat reader 9.3

adobe acrobat reader 9.2

adobe acrobat reader

adobe acrobat reader 9.3.1

adobe acrobat reader 9.0

Exploits

## # $Id: adobe_flashplayer_newfunction.rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'ms ...
''' MOAUB Day 1 (Binary Analysis) www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ github ...
## # $Id: adobe_flashplayer_newfunction.rb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/c ...
# Exploit-DB Note - Live POC originally found at qoop.org/security/poc/cve-2010-1297/ # File is malicious! Taken from the wild! Beware! # To decrypt the file: # openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar # Password is "edb" without the quotes. NOTE: This was taken out of live malware and was no ...
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability ...
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap s ...

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

References

NVD-CWE-noinfo
http://securitytracker.com/id?1024057
http://secunia.com/advisories/40034
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://securitytracker.com/id?1024058
http://www.osvdb.org/65141
http://www.securityfocus.com/bid/40586
http://www.vupen.com/english/advisories/2010/1348
http://secunia.com/advisories/40026
http://www.vupen.com/english/advisories/2010/1349
http://www.adobe.com/support/security/bulletins/apsb10-14.html
http://securitytracker.com/id?1024085
http://www.securityfocus.com/bid/40759
http://www.exploit-db.com/exploits/13787
http://securitytracker.com/id?1024086
http://www.vupen.com/english/advisories/2010/1453
http://www.redhat.com/support/errata/RHSA-2010-0470.html
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.vupen.com/english/advisories/2010/1421
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
http://secunia.com/advisories/40144
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1482
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
http://www.vupen.com/english/advisories/2010/1522
http://www.kb.cert.org/vuls/id/486225
http://www.us-cert.gov/cas/techalerts/TA10-159A.html
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://secunia.com/advisories/40545
http://www.vupen.com/english/advisories/2010/1793
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://secunia.com/advisories/43026
http://www.vupen.com/english/advisories/2011/0192
http://www.vupen.com/english/advisories/2010/1636
https://exchange.xforce.ibmcloud.com/vulnerabilities/59137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116
https://nvd.nist.gov
https://www.exploit-db.com/exploits/16614/
https://www.kb.cert.org/vuls/id/486225