Summary
This host has Adobe products installed and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Impact Level: System/Application
Solution
For Adobe Flash Player:
Update to Adobe Flash Player 10.1.53.64 or 9.0.277.0 or later: http://www.adobe.com/support/flashplayer/downloads.html
For Adobe Reader:
The vendor has released a patch for the issue; refer to the advisory at http://www.adobe.com/support/security/advisories/apsa10-01.html
For updates, refer to http://www.adobe.com/
Insight
The flaw is due to a memory corruption error in the 'libauthplay.so.0.0.0' library and 'SWF' file when processing ActionScript Virtual Machine 2 (AVM2) 'newfunction' instructions within Flash content in a PDF document.
Affected
Adobe Reader version 9.x to 9.3.2
Adobe Flash Player version 9.0.x to 9.0.262 and 10.x through 10.0.45.2
References
Severity
Classification
CVE: CVE-2010-1297
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C