CVE-2010-1297

{"id": "CVE-2010-1297", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2010-06-08T18:30:10.007", "references": [{"url": "http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/", "tags": ["Exploit"], "source": "psirt@adobe.com"}, {"url": "http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40026", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40034", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40144", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40545", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/43026", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024057", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024058", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024085", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024086", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/advisories/apsa10-01.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "tags": ["Not Applicable"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", "tags": ["Not Applicable"], "source": "psirt@adobe.com"}, {"url": "http://www.exploit-db.com/exploits/13787", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.kb.cert.org/vuls/id/486225", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.osvdb.org/65141", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/40586", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/40759", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-159A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1348", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1349", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1421", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1432", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1434", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1453", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1482", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1522", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1636", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1793", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0192", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59137", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116", "tags": ["Broken Link"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de contenido SWF manipulado, se explota activamente desde Junio de 2010."}], "lastModified": "2024-06-28T14:20:44.153", "cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A520EA13-9274-4E10-84B5-1F1FD9E5CE86", "versionEndExcluding": "2.0.2.12610"}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C3001C-53F0-4C18-9CC8-89BDF8C6087D", "versionEndExcluding": "9.0.277.0"}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA8832A-7A0F-4823-9038-B9FD37506911", "versionEndExcluding": "10.1.53.64", "versionStartIncluding": "10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BEBBDB0-9D07-434D-A30D-D21AE17D6CA1", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5291AD2C-5AC9-4F31-8FC7-D0F117A91099", "versionEndExcluding": "9.3.3", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9D5815-B269-4E63-8F37-E064B49EBF71", "versionEndIncluding": "11.2", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4500161F-13A0-4369-B93A-778B34E7F005"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability"}