CVE-2010-3654: Buffer Overflow
First published: Fri Oct 29 2010(Updated: )
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | =9.3.3 | |
| Adobe Acrobat Reader | =9.2 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =9.2 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =9.1.3 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =9.1.2 | |
| Adobe Acrobat Reader | =9.3.4 | |
| Adobe Acrobat Reader | =9.3.3 | |
| Adobe Acrobat Reader | =9.1.1 | |
| Adobe Acrobat Reader | =9.3.2 | |
| Adobe Acrobat Reader | =9.1.1 | |
| Adobe Acrobat Reader | =9.3.4 | |
| Adobe Acrobat Reader | =9.3 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =9.4 | |
| Adobe Acrobat Reader | =9.3.2 | |
| Adobe Acrobat Reader | =9.3.1 | |
| Adobe Acrobat Reader | =9.1.2 | |
| Adobe Acrobat Reader | =9.3.1 | |
| Adobe Acrobat Reader | =9.1.3 | |
| Adobe Acrobat Reader | =9.4 | |
| Adobe Acrobat Reader | =9.3 | |
| Adobe Flash Player | <=10.1.85.3 | |
| Adobe Flash Player | =6.0.21.0 | |
| Adobe Flash Player | =6.0.79 | |
| Adobe Flash Player | =7.0 | |
| Adobe Flash Player | =7.0.1 | |
| Adobe Flash Player | =7.0.25 | |
| Adobe Flash Player | =7.0.63 | |
| Adobe Flash Player | =7.0.69.0 | |
| Adobe Flash Player | =7.0.70.0 | |
| Adobe Flash Player | =7.1 | |
| Adobe Flash Player | =7.1.1 | |
| Adobe Flash Player | =7.2 | |
| Adobe Flash Player | =8.0 | |
| Adobe Flash Player | =8.0.22.0 | |
| Adobe Flash Player | =8.0.24.0 | |
| Adobe Flash Player | =8.0.33.0 | |
| Adobe Flash Player | =8.0.34.0 | |
| Adobe Flash Player | =8.0.35.0 | |
| Adobe Flash Player | =8.0.39.0 | |
| Adobe Flash Player | =8.0.42.0 | |
| Adobe Flash Player | =9.0.16 | |
| Adobe Flash Player | =9.0.18d60 | |
| Adobe Flash Player | =9.0.20 | |
| Adobe Flash Player | =9.0.20.0 | |
| Adobe Flash Player | =9.0.28 | |
| Adobe Flash Player | =9.0.28.0 | |
| Adobe Flash Player | =9.0.31 | |
| Adobe Flash Player | =9.0.31.0 | |
| Adobe Flash Player | =9.0.45.0 | |
| Adobe Flash Player | =9.0.47.0 | |
| Adobe Flash Player | =9.0.48.0 | |
| Adobe Flash Player | =9.0.112.0 | |
| Adobe Flash Player | =9.0.114.0 | |
| Adobe Flash Player | =9.0.115.0 | |
| Adobe Flash Player | =9.0.124.0 | |
| Adobe Flash Player | =9.0.125.0 | |
| Adobe Flash Player | =9.0.151.0 | |
| Adobe Flash Player | =9.0.152.0 | |
| Adobe Flash Player | =9.0.159.0 | |
| Adobe Flash Player | =9.0.246.0 | |
| Adobe Flash Player | =9.0.260.0 | |
| Adobe Flash Player | =9.125.0 | |
| Adobe Flash Player | =10.0.0.584 | |
| Adobe Flash Player | =10.0.12.10 | |
| Adobe Flash Player | =10.0.12.36 | |
| Adobe Flash Player | =10.0.15.3 | |
| Adobe Flash Player | =10.0.22.87 | |
| Adobe Flash Player | =10.0.32.18 | |
| Adobe Flash Player | =10.0.42.34 | |
| Adobe Flash Player | =10.0.45.2 | |
| Adobe Flash Player | =10.1.52.14.1 | |
| Adobe Flash Player | =10.1.52.15 | |
| Adobe Flash Player | =10.1.53.64 | |
| Adobe Flash Player | =10.1.82.76 | |
| Macromedia Flash Player | =5.0 | |
| Macromedia Flash Player | =5.0_r50 | |
| Macromedia Flash Player | =6.0 | |
| Macromedia Flash Player | =6.0.29.0 | |
| Macromedia Flash Player | =6.0.40.0 | |
| Macromedia Flash Player | =6.0.47.0 | |
| Macromedia Flash Player | =6.0.65.0 | |
| Macromedia Flash Player | =6.0.79.0 | |
| Apple Mac OS X | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Oracle Solaris | ||
| Adobe Flash Player | <=10.1.95.2 | |
| Adobe Flash Player | =10.1.85.3 | |
| Adobe Flash Player | =10.1.92.8 | |
| Adobe Flash Player | =10.1.92.10 | |
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
- http://secunia.com/advisories/41917
- http://www.securityfocus.com/bid/44504
- http://www.adobe.com/support/security/advisories/apsa10-05.html
- http://www.kb.cert.org/vuls/id/298081
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://www.vupen.com/english/advisories/2010/2906
- http://www.securitytracker.com/id?1024659
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://secunia.com/advisories/42030
- http://www.vupen.com/english/advisories/2010/2903
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- http://www.securitytracker.com/id?1024660
- http://secunia.com/advisories/42183
- http://www.vupen.com/english/advisories/2010/2918
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://www.adobe.com/support/security/bulletins/apsb10-28.html
- http://www.redhat.com/support/errata/RHSA-2010-0934.html
- http://www.vupen.com/english/advisories/2010/3111
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
- http://secunia.com/advisories/42401
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://secunia.com/advisories/42926
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://security.gentoo.org/glsa/glsa-201101-08.xml
- http://www.vupen.com/english/advisories/2011/0173
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://secunia.com/advisories/43026
- http://www.vupen.com/english/advisories/2011/0192
- http://www.vupen.com/english/advisories/2011/0191
- http://secunia.com/advisories/43025
- http://www.vupen.com/english/advisories/2011/0344
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
- http://securityreason.com/securityalert/8210
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/softwarecombine
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/9.3.3
- version/adobe acrobat reader/9.2
- version/adobe acrobat reader/9.1
- version/adobe acrobat reader/9.1.3
- version/adobe acrobat reader/9.0
- version/adobe acrobat reader/9.1.2
- version/adobe acrobat reader/9.3.4
- version/adobe acrobat reader/9.1.1
- version/adobe acrobat reader/9.3.2
- version/adobe acrobat reader/9.3
- version/adobe acrobat reader/9.4
- version/adobe acrobat reader/9.3.1
- canonical/adobe flash player
- version/adobe flash player/10.1.85.3
- version/adobe flash player/6.0.21.0
- version/adobe flash player/6.0.79
- version/adobe flash player/7.0
- version/adobe flash player/7.0.1
- version/adobe flash player/7.0.25
- version/adobe flash player/7.0.63
- version/adobe flash player/7.0.69.0
- version/adobe flash player/7.0.70.0
- version/adobe flash player/7.1
- version/adobe flash player/7.1.1
- version/adobe flash player/7.2
- version/adobe flash player/8.0
- version/adobe flash player/8.0.22.0
- version/adobe flash player/8.0.24.0
- version/adobe flash player/8.0.33.0
- version/adobe flash player/8.0.34.0
- version/adobe flash player/8.0.35.0
- version/adobe flash player/8.0.39.0
- version/adobe flash player/8.0.42.0
- version/adobe flash player/9.0.16
- version/adobe flash player/9.0.18d60
- version/adobe flash player/9.0.20
- version/adobe flash player/9.0.20.0
- version/adobe flash player/9.0.28
- version/adobe flash player/9.0.28.0
- version/adobe flash player/9.0.31
- version/adobe flash player/9.0.31.0
- version/adobe flash player/9.0.45.0
- version/adobe flash player/9.0.47.0
- version/adobe flash player/9.0.48.0
- version/adobe flash player/9.0.112.0
- version/adobe flash player/9.0.114.0
- version/adobe flash player/9.0.115.0
- version/adobe flash player/9.0.124.0
- version/adobe flash player/9.0.125.0
- version/adobe flash player/9.0.151.0
- version/adobe flash player/9.0.152.0
- version/adobe flash player/9.0.159.0
- version/adobe flash player/9.0.246.0
- version/adobe flash player/9.0.260.0
- version/adobe flash player/9.125.0
- version/adobe flash player/10.0.0.584
- version/adobe flash player/10.0.12.10
- version/adobe flash player/10.0.12.36
- version/adobe flash player/10.0.15.3
- version/adobe flash player/10.0.22.87
- version/adobe flash player/10.0.32.18
- version/adobe flash player/10.0.42.34
- version/adobe flash player/10.0.45.2
- version/adobe flash player/10.1.52.14.1
- version/adobe flash player/10.1.52.15
- version/adobe flash player/10.1.53.64
- version/adobe flash player/10.1.82.76
- vendor/macromedia
- canonical/macromedia flash player
- version/macromedia flash player/5.0
- version/macromedia flash player/5.0_r50
- version/macromedia flash player/6.0
- version/macromedia flash player/6.0.29.0
- version/macromedia flash player/6.0.40.0
- version/macromedia flash player/6.0.47.0
- version/macromedia flash player/6.0.65.0
- version/macromedia flash player/6.0.79.0
- vendor/apple
- canonical/apple mac os x
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris
- version/adobe flash player/10.1.95.2
- version/adobe flash player/10.1.92.8
- version/adobe flash player/10.1.92.10
- vendor/google
- canonical/google android