| Check Point Reference: |
SBP-2010-29 |
| Date Published: |
1 Nov 2010 |
| Severity: |
Critical
|
| Last Updated: |
Friday 01 January, 2010 |
| Source: |
Adobe Security Advisory: APSA10-05 |
| Industry Reference: | CVE-2010-3654 |
| Protection Provided by: |
|
| Who is Vulnerable? | Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.1.95.2 and earlier for Android
Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh |
| Vulnerability Description |
A remote code execution vulnerability has been reported in Adobe Flash Player. The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files. A remote attacker may exploit this vulnerability to take complete control of the affected system. |
| Vulnerability Status | There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. |
| Vulnerability Details | The vulnerability is due to an error in the Adobe Flash Player that fails to properly parse Flash content. A remote attacker might exploit this issue by convincing a victim to open a specially crafted SWF file that contains malformed content. Successful exploitation of this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. |
Feedback