CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 28, 2010
- Published Date
- October 29, 2010
- Last Updated
- August 07, 2024
- Vendor
- Adobe
- Product
- Flash Player
- Description
- Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
- Tags
- Exploited in the Wild
- Yes (2010-10-29 18:00:00 UTC) Source
windows
linux
macos
android
metasploit_scanner
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
http://www.vupen.com/english/advisories/2011/0192
http://secunia.com/advisories/42183
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
http://support.apple.com/kb/HT4435
http://secunia.com/advisories/42030
http://www.vupen.com/english/advisories/2011/0191
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
http://secunia.com/advisories/43025
http://www.vupen.com/english/advisories/2011/0344
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://www.vupen.com/english/advisories/2010/2918
http://www.vupen.com/english/advisories/2010/3111
http://secunia.com/advisories/41917
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://security.gentoo.org/glsa/glsa-201101-08.xml
http://www.redhat.com/support/errata/RHSA-2010-0834.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://www.securitytracker.com/id?1024660
http://secunia.com/advisories/42926
http://www.redhat.com/support/errata/RHSA-2010-0934.html
http://www.vupen.com/english/advisories/2010/2903
http://www.vupen.com/english/advisories/2011/0173
http://secunia.com/advisories/42401
http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.kb.cert.org/vuls/id/298081
http://www.securitytracker.com/id?1024659
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
http://www.securityfocus.com/bid/44504
http://www.adobe.com/support/security/advisories/apsa10-05.html
http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
http://securityreason.com/securityalert/8210
http://www.vupen.com/english/advisories/2010/2906
http://www.redhat.com/support/errata/RHSA-2010-0867.html
http://www.redhat.com/support/errata/RHSA-2010-0829.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2010-10-29 18:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb | 2025-04-29 11:01:33 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_flashplayer_button
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-3654
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit