PT-2010-1175 · Adobe · Reader+3

Published: 2010-06-08 · Updated: 2025-02-13 · CVE-2010-1297

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions 9.0.0 through 9.0.276.0 and 10.x through 10.1.53.63
Adobe AIR versions prior to 2.0.2.12610
Adobe Reader and Acrobat versions 8.x through 8.2.2 and 9.x through 9.3.2

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction. This has been exploited in the wild. The vulnerability is due to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For Adobe Flash Player versions 9.0.0 through 9.0.276.0 and 10.x through 10.1.53.63, update to version 9.0.277.0 or 10.1.53.64 or later.
For Adobe AIR versions prior to 2.0.2.12610, update to version 2.0.2.12610 or later.
For Adobe Reader and Acrobat versions 8.x through 8.2.2 and 9.x through 9.3.2, update to version 8.2.3 or 9.3.3 or later.
As a temporary workaround, consider disabling the use of crafted SWF content until a patch is available.
Restrict access to the authplay.dll module to minimize the risk of exploitation.
Avoid using the ActionScript Virtual Machine 2 (AVM2) newfunction instruction in the affected SWF content until the issue is resolved.

Exploit · Fix · DoS · RCE · Buffer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-03589
CVE-2010-1297
RHSA-2010:0464
RHSA-2010:0470
RHSA-2010:0503

Affected Products

Air
Acrobat
Flash Player
Reader