Release DateJun 08, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a memory-corruption vulnerability in Adobe products.The vulnerability is caused by an error in "authplay.dll" while handling malicious SWF content. It allows a remote attacker to execute arbitrary code via sending a crafted PDF document or FLASH file. |
Affected ProductsAdobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and SolarisAdobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX |
Recommended ActionsRefer to the vendor's web site for the suggested workaround:http://www.adobe.com/support/security/bulletins/apsb10-14.html http://www.adobe.com/support/security/bulletins/apsb10-15.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1285CVE-2010-1297 |
Reference/shttp://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/http://www.adobe.com/support/security/bulletins/apsb10-15.html http://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader http://www.exploit-db.com/exploits/13787/ http://www.adobe.com/support/security/advisories/apsa10-01.html http://www.securityfocus.com/bid/40586 (BugTraq) |
