CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Published: Jun 8, 2010
Updated: Jun 29, 2024
CVE: CVE-2010-1297
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
adobe / flash_player	-	9.0.277.0
adobe / air	-	2.0.2.12610
adobe / flash_player	10.0	10.1.53.64
adobe / acrobat	8.0	8.2.3
adobe / acrobat	9.0	9.3.3
suse / linux_enterprise	11.0-sp1	11.0-sp1.x
suse / linux_enterprise	11.0	11.0.x
opensuse / opensuse	11.0	11.2.x
suse / linux_enterprise	10.0-sp3	10.0-sp3.x

Vulnerability Database

289,599

CVE-2010-1297