PT-2010-4993 · Adobe+1 · Flash Player+3
Will Dormann
·
Published
2010-10-29
·
Updated
2017-09-19
·
CVE-2010-3654
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 9.0.289.0
Adobe Flash Player versions 10.x prior to 10.1.102.64
Adobe Flash Player version 10.1.95.1 on Android
Adobe Reader and Acrobat versions 9.x through 9.4
Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via crafted SWF content. This issue has been exploited in the wild in October 2010.
Recommendations
For Adobe Flash Player versions prior to 9.0.289.0, update to version 9.0.289.0 or later.
For Adobe Flash Player versions 10.x prior to 10.1.102.64, update to version 10.1.102.64 or later.
For Adobe Flash Player version 10.1.95.1 on Android, update to a newer version that contains a fix for this issue.
For Adobe Reader and Acrobat versions 9.x through 9.4, update to a version that is not affected by this issue.
Exploit
Fix
RCE
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Flash Player
Reader
Red Hat