CVE-2010-1297

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score28.7400%

EPSS Percentile97.70th

Published2010年6月8日

Last Modified2026年4月21日

Vulnerability Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Affected Platforms (CPE)

📦

Adobe

Air

< 2.0.2.12610

📦

Adobe

Flash Player

< 9.0.277.0

📦

Adobe

Flash Player

>= 10.0 and < 10.1.53.64

📦

Adobe

Acrobat

>= 8.0 and < 8.2.3

📦

Adobe

Acrobat

>= 9.0 and < 9.3.3

💻

Opensuse

>= 11.0 and <= 11.2

💻

Suse

Linux Enterprise

= 10.0

💻

Suse

Linux Enterprise

= 11.0

💻

Suse

Linux Enterprise

= 11.0

References & Advisories

🔗 http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/

🔗 http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx

🔗 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

🔗 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

🔗 http://secunia.com/advisories/40026

🔗 http://secunia.com/advisories/40034

Vulnerability Description

Affected Platforms (CPE)

Air

Flash Player

Flash Player

Acrobat

Acrobat

Opensuse

Linux Enterprise

Linux Enterprise

Linux Enterprise

References & Advisories

相關漏洞威脅