CVE-2010-1297

Home/CVE/Adobe Flash Player Memory Corruption Vulnerability

CVE

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64.

Adobe AIR before 2.0.2.12610.

and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

HIGH · CVSS 7.8 ⚠ CISA KEV EPSS 0.92838

Act now

Listed on CISA KEV (known exploited in the wild)
SSVC exploitation status: active
EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 0% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules8 YARA rules0

⬢

Required Remediation

The impacted product is end-of-life and should be disconnected if still in use.

⬡

Weakness Classification

CWE-787Out-of-bounds Write

▤

Affected Products & Versions

adobe air< 2.0.2.12610
adobe flash player< 9.0.277.0
adobe flash player>= 10.0 and < 10.1.53.64
adobe acrobat>= 8.0 and < 8.2.3
adobe acrobat>= 9.0 and < 9.3.3
opensuse>= 11.0 and <= 11.2
suse linux enterpriseall versions

⚠

Public Exploits & PoCs

localAdobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2)verified
localAdobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1)verified
remoteAdobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointerverified
remoteAdobe Flash / Reader - Live Malwareverified
pocblog.zynamics.com · analyzing-the-currently-exploited-0-day-for-adobe-reader-...blog.zynamics.com
pocwww.exploit-db.com · 13787www.exploit-db.com

◈

Detection Rules (IDS/IPS)

et-openET WEB_CLIENT Adobe Authplay.dll NewClass Memory Corruption Attemptattempted-user

et-openET WEB_CLIENT PDF With Embedded Flash Possible Remote Code Execution Attemptbad-unknown

et-openET WEB_CLIENT Possible Adobe Acrobat Reader Newclass Invalid Pointer Remote Code Execution Attemptattempted-user

et-openET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash Possibly Related to Remote Code Execution Attemptbad-unknown

Open rulesets (ET Open, Snort Community, abuse.ch) link to source. Commercial rulesets are reference-only.

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

productcriticalHackTool - Windows Credential Editor (WCE) Execution

productcriticalWindows Credential Editor Registry

producthighOpenCanary - MSSQL Login Attempt Via Windows Authentication

producthighWindows LAPS Credential Dump From Entra ID

producthighTamper Windows Defender - PSClassic

producthighTamper Windows Defender Remove-MpPreference - ScriptBlockLogging

Show all 8 top matches

producthighTamper Windows Defender - ScriptBlockLogging

producthighFlash Player Update from Suspicious Location

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · psirt@adobe.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 Jun 2010 · 06:30 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

active

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

cisaKEV-CVE-2010-1297
rhsaRHSA-2010:0503Critical
rhsaRHSA-2010:0470Low
rhsaRHSA-2010:0464Critical

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspxBroken Link

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751Broken Link

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.htmlMailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlMailing ListThird Party Advisory

http://secunia.com/advisories/40026Broken LinkVendor Advisory

Show all 42 references

http://secunia.com/advisories/40034Broken LinkVendor Advisory

http://secunia.com/advisories/40144Broken Link

http://secunia.com/advisories/40545Broken Link

http://secunia.com/advisories/43026Broken Link

http://security.gentoo.org/glsa/glsa-201101-09.xmlThird Party Advisory

http://securitytracker.com/id?1024057Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024058Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024085Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1024086Broken LinkThird Party AdvisoryVDB Entry

http://support.apple.com/kb/HT4435Broken Link

http://www.adobe.com/support/security/advisories/apsa10-01.htmlVendor Advisory

http://www.adobe.com/support/security/bulletins/apsb10-14.htmlNot Applicable

http://www.adobe.com/support/security/bulletins/apsb10-15.htmlNot Applicable

http://www.kb.cert.org/vuls/id/486225Third Party AdvisoryUS Government Resource

http://www.osvdb.org/65141Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0464.htmlBroken Link

http://www.redhat.com/support/errata/RHSA-2010-0470.htmlBroken Link

http://www.securityfocus.com/bid/40586Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/40759Broken LinkThird Party AdvisoryVDB Entry

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txtBroken Link

http://www.us-cert.gov/cas/techalerts/TA10-159A.htmlThird Party AdvisoryUS Government Resource

http://www.us-cert.gov/cas/techalerts/TA10-162A.htmlThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2010/1348Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2010/1349Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2010/1421Broken Link

http://www.vupen.com/english/advisories/2010/1432Broken Link

http://www.vupen.com/english/advisories/2010/1434Broken Link

http://www.vupen.com/english/advisories/2010/1453Broken Link

http://www.vupen.com/english/advisories/2010/1482Broken Link

http://www.vupen.com/english/advisories/2010/1522Broken Link

http://www.vupen.com/english/advisories/2010/1636Broken Link

http://www.vupen.com/english/advisories/2010/1793Broken Link

http://www.vupen.com/english/advisories/2011/0192Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/59137Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1297US Government Resource

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin