Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A520932B50B0BBB9A08FD54560DAADB3
HistoryNov 16, 2010 - 12:00 a.m.

Adobe Flash Player Flash Content Parsing Code Execution

2010-11-1600:00:00
SAINT Corporation
download.saintcorporation.com
20

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

JSON

Added: 11/16/2010
CVE: CVE-2010-3654
BID: 44504
OSVDB: 68932

Background

Adobe Reader is free software for viewing PDF documents.

Problem

Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player.

Resolution

Apply the patches referenced in APSA10-05 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.

References

<http://www.kb.cert.org/vuls/id/298081&gt;
<http://secunia.com/advisories/42030/&gt;

Limitations

Exploit works on Adobe Reader 9.4.0 and the user must open the exploit file in Adobe Reader.

Platforms

Windows

Related

nessus 29
packetstorm 1
openvas 16
threatpost 3
checkpoint_advisories 2
prion 1
nvd 1
seebug 3
exploitpack 1
ubuntucve 1
saint 3
cert 1
canvas 1
exploitdb 2
symantec 1
metasploit 1
cvelist 1
cve 1
redhat 4
suse 2
securityvulns 3
freebsd 1
gentoo 2
securelist 1
nessus
nessus
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7223)
2011-01-27 00:00:00
Adobe Reader 9 <= 9.4 (APSA10-05)
2010-10-28 00:00:00
Adobe Acrobat 9 <= 9.4 (APSA10-05)
2010-10-28 00:00:00
packetstorm
packetstorm
Adobe Flash Player "Button" Remote Code Execution
2010-11-03 00:00:00
openvas
openvas
Adobe Products Content Code Execution Vulnerability (CVE-2010-3654) - Windows
2010-11-10 00:00:00
Adobe Products Content Code Execution Vulnerability (Linux)
2010-11-10 00:00:00
Adobe Products Content Code Execution Vulnerability (CVE-2010-3654) - Linux
2010-11-10 00:00:00
threatpost
threatpost
Adobe Releases Emergency Fix for Critical Reader Flaws
2010-11-16 19:41:53
Adobe Accelerates Patch Schedule for Critical Flash Bug
2010-11-02 19:15:03
New Adobe Flash Bug Being Exploited
2010-10-28 14:03:47
checkpoint_advisories
checkpoint_advisories
Workaround for Adobe Flash Player Flash Content Parsing Code Execution Vulnerability (APSA10-05)
2010-11-01 00:00:00
Adobe Flash Player Flash Content Parsing Code Execution (APSA10-05; CVE-2010-3654)
2010-11-01 00:00:00
prion
prion
Memory corruption
2010-10-29 19:00:00
nvd
nvd
CVE-2010-3654
2010-10-29 19:00:02
seebug
seebug
Adobe Flash Player authplay.dllεΊ“PDFζ–‡δ»Άθ§£ζžθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2010-11-01 00:00:00
Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP+ASLR bypass)
2014-07-01 00:00:00
Adobe Flash Player "Button" Remote Code Execution
2014-07-01 00:00:00
exploitpack
exploitpack
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
2011-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-3654
2010-10-29 00:00:00
saint
saint
Adobe Flash Player Flash Content Parsing Code Execution
2010-11-16 00:00:00
Adobe Flash Player Flash Content Parsing Code Execution
2010-11-16 00:00:00
Adobe Flash Player Flash Content Parsing Code Execution
2010-11-16 00:00:00
cert
cert
Adobe Flash code execution vulnerability
2010-10-28 00:00:00
canvas
canvas
Immunity Canvas: ADOBE_FLASH_BUTTON
2010-10-29 19:00:00
exploitdb
exploitdb
Adobe Flash Player - &#039;Button&#039; Arbitrary Code Execution (Metasploit)
2010-11-01 00:00:00
Adobe Flash Player &lt; 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
2011-04-19 00:00:00
symantec
symantec
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
2010-10-28 00:00:00
metasploit
metasploit
Adobe Flash Player "Button" Remote Code Execution
2010-11-01 22:34:13
cvelist
cvelist
CVE-2010-3654
2010-10-29 18:00:00
cve
cve
CVE-2010-3654
2010-10-29 19:00:02
redhat
redhat
(RHSA-2010:0934) Critical: acroread security update
2010-12-01 00:00:00
(RHSA-2010:0834) Critical: flash-plugin security update
2010-11-08 00:00:00
(RHSA-2010:0867) Critical: flash-plugin security update
2010-11-10 00:00:00
suse
suse
remote code execution in acoread
2010-12-08 17:17:01
remote code execution in flash-player
2010-11-05 13:12:10
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2010-11-08 00:00:00
Security update available for Adobe Flash Player
2010-11-08 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2010-09-28 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2011-01-21 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2011-01-21 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

JSON
Related for SAINT:A520932B50B0BBB9A08FD54560DAADB3
nessus29packetstorm1openvas16threatpost3checkpoint_advisories2prion1nvd1seebug3exploitpack1ubuntucve1saint3cert1canvas1exploitdb2symantec1metasploit1cvelist1cve1redhat4suse2securityvulns3freebsd1gentoo2securelist1