CVE-2010-1297

CVE Database · CVE-2010-1297

CVE-2010-1297

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

82.30%

Published

Jun 8, 2010

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-06-08 · Due: 2022-06-22

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (5)

All weaponized →

Exploit-DBAdobe Flash / Reader - Live Malware Exploit-DBAdobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1)Exploit-DBAdobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2)Exploit-DBAdobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (11)

adobe · air (up to 2.0.2.12610)vulnerable

adobe · flash_player (up to 9.0.277.0)vulnerable

adobe · flash_player (up to 10.1.53.64)vulnerable

adobe · acrobat (up to 8.2.3)vulnerable

adobe · acrobat (up to 9.3.3)vulnerable

apple · mac_os_x

microsoft · windows