Summary
This host has Adobe products installed and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Impact Level: System/Application
Solution
For Adobe Flash Player:
Update to Adobe Flash Player 10.1.53.64 or 9.0.277.0 or later. For updates, refer to http://www.adobe.com/support/flashplayer/downloads.html
For Adobe Reader:
The vendor has released a patch for the issue; refer to http://www.adobe.com/support/security/advisories/apsa10-01.html. For updates, refer to http://www.adobe.com/
Insight
The flaw is due to a memory corruption error in the 'authplay.dll' library and 'SWF' file when processing ActionScript Virtual Machine 2 (AVM2) 'newfunction' instructions within Flash content in a PDF document.
Affected
Adobe Reader/Acrobat version 9.x to 9.3.2
Adobe Flash Player version 9.0.x to 9.0.262 and 10.x to 10.0.45.2
References
Severity
Classification
CVE: CVE-2010-1297
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)