65141 : Adobe Multiple Products AVM2 'newfunction' Instruction Handling Arbitrary Code Execution
Printer | http://osvdb.org/65141 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
28	4050	almost 3 years ago	4 months ago	37 times	100%

Timeline

Disclosure Date
2010-06-04

Days of Exposure
2 days

Description

Adobe Flash Player contains a flaw in the ActionScript Virtual Machine 2 (AVM2). The issue is triggered when incorrectly calculating a pointer while handling the 'newfunction' instruction. With a specially crafted SWF file, a context-dependent attacker can execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial, Virus / Malware
Disclosure: Vendor Verified, Third-party Verified, Discovered in the Wild

Solution

Upgrade Flash Player to version 10.1 RC or higher, as it has been reported to fix this vulnerability.

Products

Adobe Systems Incorporated

Flash Player

10.0.45.2

References

Security Tracker: 1024057 1024058
Exploit Database: 13787
CVE ID: 2010-1297 (see also: NVD)
Secunia Advisory ID: 40026 40034 40144 40167 40225 40226 40383 40487 40545 41325 41504 43026
Bugtraq ID: 40586
Metasploit ID: 65141
VUPEN Advisory: ADV-2010-1348 ADV-2010-1349
Other Advisory URL: http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
http://blogs.sun.com/security/entry/cve_2010_1297_arbitrary_code
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
http://contagiodump.blogspot.com/2010/07/cve-2010-1297-pdf-epas-water-sampling.html
http://www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/
http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml
http://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader
http://www.symantec.com/connect/blogs/zero-day-attack-wild-adobe-flash-reader-and-acrobat
http://www.virustotal.com/file-scan/report.html?id=1cffccaf528a882f781fb179a32356bfb176d683059c89faf81d7a51687330e0-1282089075
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.gentoo.org/security/en/glsa/glsa-201009-05.xml
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00004.html
Generic Exploit URL: http://www.coresecurity.com/content/adobe-acrobat-reader-authplay-exploit-10-5
http://www.saintcorporation.com/cgi-bin/exploit_info/adobe_reader_authplaydll_newfunction
News Article: http://www.theregister.co.uk/2010/06/10/critical_adobe_flash_vuln_fix/
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2010-0464.html
https://rhn.redhat.com/errata/RHSA-2010-0470.html
https://rhn.redhat.com/errata/RHSA-2010-0503.html

Tools & Filters

	46851 46852
	flash_newfunction

Credit

Will Dormann - Cert/CC

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2010-06-09 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.