CVE-2010-2884

High PUBLISHED

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and...

Adobe · Flash Player, Reader, Acrobat

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.3 High

At a Glance

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.

linux windows android macos
CVE Published
Sep 15, 2010
Exploitation Reported
Sep 15, 2010
CVSS
9.3 High
EPSS
Remote Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • SUSE-SA:2010:048 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001...
  • GLSA-201101-09 security.gentoo.org · Vendor Advisory http://security.gentoo.org/glsa/glsa-201101-09.xml
  • APPLE-SA-2010-11-10-1 lists.apple.com · Vendor Advisory http://lists.apple.com/archives/security-announce/2010//Nov/msg00000....
  • GLSA-201101-08 security.gentoo.org · Vendor Advisory http://security.gentoo.org/glsa/glsa-201101-08.xml
  • RHSA-2010:0743 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2010-0743.html
Show 21 more references
  • RHSA-2010:0706 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2010-0706.html
  • SUSE-SR:2010:019 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006...
  • TA10-263A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA10-263A.html
  • 43025 secunia.com · Third-Party Advisory http://secunia.com/advisories/43025
  • 43026 secunia.com · Third-Party Advisory http://secunia.com/advisories/43026
  • 41526 secunia.com · Third-Party Advisory http://secunia.com/advisories/41526
  • TA10-279A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA10-279A.html
  • 41443 secunia.com · Third-Party Advisory http://secunia.com/advisories/41443
  • 41434 secunia.com · Third-Party Advisory http://secunia.com/advisories/41434
  • VU#275289 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/275289
  • 41435 secunia.com · Third-Party Advisory http://secunia.com/advisories/41435
  • ADV-2011-0192 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2011/0192
  • ADV-2011-0191 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2011/0191
  • oval:org.mitre.oval:def:6852 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
  • adobe-flash-content-code-execution(61771) exchange.xforce.ibmcloud.com · VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/61771
  • ADV-2010-2348 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2010/2348
  • ADV-2010-2349 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2010/2349
  • support.apple.com/kb/HT4435 support.apple.com · CVE Record http://support.apple.com/kb/HT4435
  • adobe.com/support/security/advisories/apsa10-03.html adobe.com · CVE Record http://www.adobe.com/support/security/advisories/apsa10-03.html
  • adobe.com/support/security/bulletins/apsb10-22.html adobe.com · CVE Record http://www.adobe.com/support/security/bulletins/apsb10-22.html
  • adobe.com/support/security/bulletins/apsb10-21.html adobe.com · CVE Record http://www.adobe.com/support/security/bulletins/apsb10-21.html

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.