Release DateDec 31, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a Memory Corruption vulnerability in Adobe Flash Player, and both Adobe Reader and Acrobat.The vulnerability is caused by an error in "authplay.dll" while handling malicious SWF content. It allows a remote attacker to execute arbitrary code via sending a crafted PDF document or FLASH file. |
Affected ProductsAdobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and SolarisAdobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX |
Recommended ActionsRefer to the vendor's web site for the suggested workaround:http://www.adobe.com/support/security/bulletins/apsb10-14.html http://www.adobe.com/support/security/bulletins/apsb10-15.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1297CVE-2010-1285 |
Reference/shttp://www.securityfocus.com/bid/40586 (BugTraq)http://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader http://www.adobe.com/support/security/advisories/apsa10-01.html http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ http://www.exploit-db.com/exploits/13787/ http://www.adobe.com/support/security/bulletins/apsb10-15.html |
