HTTP: Adobe Flash Player newfunction Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Adobe Flash Player and the "authplay.dll" file that ships with Adobe Reader and Acrobat products. A remote attacker can exploit this by enticing a user to download and view a malicious Flash file. A successful attack can allow a remote attacker to inject and execute arbitrary code on the affected system.

Extended Description

Adobe Flash Player, Reader, and Acrobat are prone to a remote code execution vulnerability. Adobe reports that this vulnerability is being exploited in the wild. This vulnerability is present in the following versions: Flash Player 10.0.45.2, 9.0.262, and earlier Flash Player 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris Reader and Acrobat 9.3.2 and earlier Reader and Acrobat 9.x versions for Windows, Macintosh, and UNIX

Affected Products

Red_hat enterprise_linux_as_extras

Short Name
HTTP:STC:ADOBE:SWF-NEWFUNC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2010-1297 Corruption Flash Memory Player bid:40586 newfunction
Release Date
10/07/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Red_hat

Adobe

Apple

Gentoo

Sun

Hp

Pardus

Suse

CVSS Score

9.3

Found a potential security threat?