Vulnerability Detail
Enriched intelligence for a single CVE
High
CVE-2010-3654
PUBLISHEDAdobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll...
Not yet in CISA KEV
- Vendor
- Adobe
- Product
- Flash Player
- Published
- Oct 29, 2010
- EPSS
- —
Automate This Intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
CVSS Scores
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitation Status
Exploited in the wild
Recorded 2010-10-29 18:00:00 UTC · CVE
Proof of concept available
Recorded 2025-04-28 15:02:44 UTC
References
- http://www.vupen.com/english/advisories/2011/0192
- http://secunia.com/advisories/42183
- http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
- http://support.apple.com/kb/HT4435
- http://secunia.com/advisories/42030
- http://www.vupen.com/english/advisories/2011/0191
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://secunia.com/advisories/43025
- http://www.vupen.com/english/advisories/2011/0344
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://www.vupen.com/english/advisories/2010/2918
- http://www.vupen.com/english/advisories/2010/3111
- http://secunia.com/advisories/41917
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://security.gentoo.org/glsa/glsa-201101-08.xml
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://www.securitytracker.com/id?1024660
- http://secunia.com/advisories/42926
- http://www.redhat.com/support/errata/RHSA-2010-0934.html
- http://www.vupen.com/english/advisories/2010/2903
- http://www.vupen.com/english/advisories/2011/0173
- http://secunia.com/advisories/42401
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://www.kb.cert.org/vuls/id/298081
- http://www.securitytracker.com/id?1024659
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
- http://www.securityfocus.com/bid/44504
- http://www.adobe.com/support/security/advisories/apsa10-05.html
- http://www.adobe.com/support/security/bulletins/apsb10-28.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html
- http://securityreason.com/securityalert/8210
- http://www.vupen.com/english/advisories/2010/2906
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2010-10-29 18:00 UTC |
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb | Apr 28, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
Timeline
-
Detected by Metasploit
-
Proof of Concept Exploit Available
-
Added to KEVIntel
-
CVE Published to Public
-
CVE ID Reserved