Adobe Flash Player prior to 9.0.289.0 and 10.x prior to 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x up to and including 9.4, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player 10.1.82.76 |
||
adobe flash_player |
||
adobe flash_player 10.0.45.2 |
||
adobe flash_player 10.0.32.18 |
||
adobe flash_player 9.0.125.0 |
||
adobe flash_player 9.0.152.0 |
||
adobe flash_player 9.0.151.0 |
||
adobe flash_player 9.0.115.0 |
||
adobe flash_player 9.0.20.0 |
||
adobe flash_player 9.0.159.0 |
||
adobe flash_player 8.0.33.0 |
||
adobe flash_player 7.0.25 |
||
adobe flash_player 7.0.63 |
||
adobe flash_player 7.0.1 |
||
adobe flash_player 6.0.21.0 |
||
macromedia flash_player 6.0.40.0 |
||
macromedia flash_player 6.0.29.0 |
||
adobe flash_player 10.1.52.15 |
||
adobe flash_player 10.1.52.14.1 |
||
adobe flash_player 10.0.12.10 |
||
adobe flash_player 10.0.22.87 |
||
adobe flash_player 9.125.0 |
||
adobe flash_player 9.0.18d60 |
||
adobe flash_player 9.0.31.0 |
||
adobe flash_player 9.0.31 |
||
adobe flash_player 8.0.22.0 |
||
adobe flash_player 8.0.42.0 |
||
adobe flash_player 7.0.69.0 |
||
adobe flash_player 7.0.70.0 |
||
adobe flash_player 6.0.79 |
||
macromedia flash_player 5.0_r50 |
||
macromedia flash_player 6.0 |
||
adobe flash_player 10.0.12.36 |
||
adobe flash_player 10.0.15.3 |
||
adobe flash_player 9.0.112.0 |
||
adobe flash_player 9.0.28.0 |
||
adobe flash_player 9.0.16 |
||
adobe flash_player 9.0.45.0 |
||
adobe flash_player 9.0.124.0 |
||
adobe flash_player 9.0.48.0 |
||
adobe flash_player 8.0.24.0 |
||
adobe flash_player 8.0.34.0 |
||
adobe flash_player 7.1.1 |
||
adobe flash_player 7.1 |
||
macromedia flash_player 5.0 |
||
macromedia flash_player 6.0.79.0 |
||
adobe flash_player 10.1.53.64 |
||
adobe flash_player 10.0.42.34 |
||
adobe flash_player 10.0.0.584 |
||
adobe flash_player 9.0.260.0 |
||
adobe flash_player 9.0.246.0 |
||
adobe flash_player 9.0.28 |
||
adobe flash_player 9.0.20 |
||
adobe flash_player 9.0.47.0 |
||
adobe flash_player 9.0.114.0 |
||
adobe flash_player 8.0 |
||
adobe flash_player 8.0.35.0 |
||
adobe flash_player 8.0.39.0 |
||
adobe flash_player 7.0 |
||
adobe flash_player 7.2 |
||
macromedia flash_player 6.0.65.0 |
||
macromedia flash_player 6.0.47.0 |
||
adobe flash_player 10.1.85.3 |
||
adobe flash_player 10.1.92.8 |
||
adobe flash_player 10.1.92.10 |
||
adobe acrobat 9.0 |
||
adobe acrobat 9.1 |
||
adobe acrobat 9.3.2 |
||
adobe acrobat 9.3.3 |
||
adobe acrobat reader 9.1.3 |
||
adobe acrobat reader 9.2 |
||
adobe acrobat 9.1.1 |
||
adobe acrobat 9.1.2 |
||
adobe acrobat 9.3.4 |
||
adobe acrobat 9.4 |
||
adobe acrobat reader 9.3 |
||
adobe acrobat reader 9.3.1 |
||
adobe acrobat 9.3 |
||
adobe acrobat 9.3.1 |
||
adobe acrobat reader 9.1.1 |
||
adobe acrobat reader 9.1.2 |
||
adobe acrobat reader 9.4 |
||
adobe acrobat 9.1.3 |
||
adobe acrobat 9.2 |
||
adobe acrobat reader 9.0 |
||
adobe acrobat reader 9.1 |
||
adobe acrobat reader 9.3.2 |
||
adobe acrobat reader 9.3.3 |
||
adobe acrobat reader 9.3.4 |
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...
Yesterday, Adobe published an advisory about a critical vulnerability in their Flash Player that is already being actively exploited. The CVE number assigned to this bug is CVE-2010-3654. A fix is currently being prepared by Adobe. The exploit we are seeing right now has a payload which, while not being very sophisticated, holds several surprises. When executed, the bot checks for command line options. The ‘-installkys’ option installs the bot onto the victim machine. Interestingly enough, i...