Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|