1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Memory Corruption Vulnerability

Known Exploited Vulnerabilities CVE-2010-1297 Mappings

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2010-1297 Adobe Flash Player Memory Corruption Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website. This vulnerability is also exploited via user execution of a maliciously crafted pdf file. In the wild, threat actors have used this to download malicious software onto the target system.
References
  1. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:SWF/CVE-2010-1297.A
CVE-2010-1297 Adobe Flash Player Memory Corruption Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website. This vulnerability is also exploited via user execution of a maliciously crafted pdf file. In the wild, threat actors have used this to download malicious software onto the target system.
References
  1. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:SWF/CVE-2010-1297.A
CVE-2010-1297 Adobe Flash Player Memory Corruption Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website. This vulnerability is also exploited via user execution of a maliciously crafted pdf file. In the wild, threat actors have used this to download malicious software onto the target system.
References
  1. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:SWF/CVE-2010-1297.A