Security Advisory CVE-2010-1297 has been posted due to a critical vulnerability in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. The advisory includes the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.
Adobe's Product Security Incident Response Team (PSIRT) has confirmed that the 8.x versions of Adobe Reader and Acrobat are not vulnerable in this instance. However, there are other vulnerabilities affecting the 8.x versions. The PSIRT also reports that the Flash Player 10.1 Release Candidate does not appear to be vulnerable.
Release date: June 4, 2010
Vulnerability identifier: APSA10-01
CVE number: CVE-2010-1297
PSIRT:
Security Advisory for Flash Player, Adobe Reader and AcrobatAdobe Security Advisories:
Security Advisory for Flash Player, Adobe Reader and AcrobatMitigations:
Reports are that exploitation of the critical vulnerability in Adobe Flash player is growing rapidly. This vulnerability can also be vectored through malicious PDF files to invoke Flash. See
Adobe Flash/Reader Vulnerability Mitigation Options.
