Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:83556B38FA73D864CD9953B332AD164D
HistoryJun 17, 2010 - 12:00 a.m.

Adobe Reader authplay.dll newfunction Memory Corruption

2010-06-1700:00:00
SAINT Corporation
download.saintcorporation.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.355 Low

EPSS

Percentile

97.1%

JSON

Added: 06/17/2010
CVE: CVE-2010-1297
BID: 40586
OSVDB: 65141

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A memory corruption vulnerability in **authplay.dll** provided with Adobe Reader 9.3.2 and earlier 9.x versions allows command execution when a user opens a specially crafted PDF file that contains Shockwave Flash (SWF) content that calls the **newfunction()** function with invalid parameters.

Resolution

Apply the patches referenced in APSA10-01 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.

References

<http://secunia.com/advisories/40034&gt;

Limitations

Exploit works on Adobe Reader 9.3.0.

The user must open the exploit file in Adobe Reader.

Platforms

Windows

Related

checkpoint_advisories 4
securityvulns 6
attackerkb 1
seebug 4
cve 1
exploitpack 2
saint 3
openvas 20
canvas 1
threatpost 2
packetstorm 3
metasploit 2
cert 1
prion 1
ubuntucve 1
cisa_kev 1
exploitdb 4
thn 1
nessus 25
suse 2
redhat 3
securelist 1
freebsd 1
gentoo 2
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player authplay.dll Component Code Execution (APSA10-01; CVE-2010-1297)
2010-06-07 00:00:00
Adobe Multiple Products authplay.dll PDF File Code Execution - Ver2 (CVE-2010-1297)
2014-03-31 00:00:00
Adobe Multiple Products authplay.dll PDF File Code Execution (APSA10-01; CVE-2010-1297)
2010-06-10 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA10-162A -- Adobe Flash and AIR Vulnerabilities
2010-06-12 00:00:00
Security Advisory for Flash Player, Adobe Reader and Acrobat
2010-06-11 00:00:00
Adobe Flash Player / Acrobat / Reader memory corruptions
2010-06-26 00:00:00
attackerkb
attackerkb
CVE-2010-1297
2010-06-08 00:00:00
seebug
seebug
Adobe Flash and Reader - 0day Exploit PoC (from the wild)
2014-07-01 00:00:00
Adobe Acrobat Reader and Flash Player - β€œnewclass” invalid pointer
2014-07-02 00:00:00
Adobe Flash Player "newfunction" Invalid Pointer Use
2014-07-01 00:00:00
cve
cve
CVE-2010-1297
2010-06-08 18:30:00
exploitpack
exploitpack
Adobe Acrobat Reader and Flash Player - newclass Invalid Pointer
2010-09-01 00:00:00
Adobe Flash Reader - Live Malware
2010-06-09 00:00:00
saint
saint
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
openvas
openvas
Adobe Products Remote Code Execution Vulnerability (Jun 2010) - Windows
2010-06-15 00:00:00
Adobe Products Remote Code Execution Vulnerability - jun10 (Windows)
2010-06-15 00:00:00
Adobe Products Remote Code Execution Vulnerability (Jun 2010) - Linux
2010-06-15 00:00:00
canvas
canvas
Immunity Canvas: FLASH_NEWFUNCTION
2010-06-08 18:30:00
threatpost
threatpost
Adobe to Release Flash Patch June 10
2010-06-08 10:56:42
Adobe Warns of Flash, PDF Zero Day Attack
2010-06-05 03:10:19
packetstorm
packetstorm
Adobe Flash Player newfucntion Invalid Pointer Use
2010-06-15 00:00:00
Month Of Abysssec Undisclosed Bugs - Adobe Reader / Flash Invalid Pointer
2010-09-01 00:00:00
Adobe Flash Player newfunction Invalid Pointer Use
2010-06-15 00:00:00
metasploit
metasploit
Adobe Flash Player "newfunction" Invalid Pointer Use
2010-06-10 20:28:05
Adobe Flash Player "newfunction" Invalid Pointer Use
2010-06-10 19:52:43
cert
cert
Adobe Flash ActionScript AVM2 newfunction vulnerability
2010-06-07 00:00:00
prion
prion
Memory corruption
2010-06-08 18:30:00
ubuntucve
ubuntucve
CVE-2010-1297
2010-06-08 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Memory Corruption Vulnerability
2022-06-08 00:00:00
exploitdb
exploitdb
Adobe Flash Player - &#039;newfunction&#039; Invalid Pointer Use (Metasploit) (1)
2010-09-20 00:00:00
Adobe Flash / Reader - Live Malware
2010-06-09 00:00:00
Adobe Flash Player - &#039;newfunction&#039; Invalid Pointer Use (Metasploit) (2)
2010-09-25 00:00:00
thn
thn
Bleeding Life 2 Exploit Pack Released
2011-10-24 04:30:00
nessus
nessus
SuSE 10 Security Update : acroread (ZYPP Patch Number 7086)
2011-01-27 00:00:00
Adobe Acrobat < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)
2010-06-30 00:00:00
Adobe Reader < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)
2010-06-30 00:00:00
suse
suse
remote code execution in acroread
2010-07-08 11:59:38
remote code execution in flash-player
2010-06-11 17:44:20
redhat
redhat
(RHSA-2010:0503) Critical: acroread security update
2010-06-30 00:00:00
(RHSA-2010:0464) Critical: flash-plugin security update
2010-06-11 00:00:00
(RHSA-2010:0470) Critical: flash-plugin security update
2010-06-14 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-02 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2010-09-07 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2011-01-21 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.355 Low

EPSS

Percentile

97.1%

JSON
Related for SAINT:83556B38FA73D864CD9953B332AD164D
checkpoint_advisories4securityvulns6attackerkb1seebug4cve1exploitpack2saint3openvas20canvas1threatpost2packetstorm3metasploit2cert1prion1ubuntucve1cisa_kev1exploitdb4thn1nessus25suse2redhat3securelist1freebsd1gentoo2