CVE-2010-2884
published 2010-09-15CVE-2010-2884: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x…
PriorityP275critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
15.62%
96.4th percentile
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Affected
161 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 9.3.4 | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability was actively exploited in the wild in September 2010; any Flash or PDF content delivered during that period should be treated as suspicious ↗
- →Flash Player versions at or below 10.1.82.76 (Windows/Mac/Linux/Solaris) and 10.1.92.10 (Android) are vulnerable; flag these version strings in asset inventory or HTTP User-Agent/plugin telemetry ↗
- →Adobe Reader/Acrobat 9.x before 9.4 and 8.x before 8.2.5 ship the vulnerable authplay.dll; presence of this DLL in those version ranges indicates an exploitable host ↗
- →Fixed Flash versions to use as a detection threshold: Flash 10 patched at 10.1.85.3, Flash 9 patched at 9.0.283 — alert on any version below these thresholds ↗
- ·The attack vectors are unspecified in all public disclosures; no specific file format, network pattern, or payload structure has been published, limiting signature-based detection ↗
- ·Red Hat marked both acroread and flash-plugin packages as 'Not affected' for RHEL 6, so detection rules targeting RHEL 6 package versions may produce false positives ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v9gp-hvmh-g79c: Adobe Flash Player 10
ghsa_unreviewed·2022-05-14
CVE-2010-2884 [HIGH] GHSA-v9gp-hvmh-g79c: Adobe Flash Player 10
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
VulnCheck
Adobe Flash Player Denial of Service
vulncheck·2010·CVSS 9.3
CVE-2010-2884 [CRITICAL] Adobe Flash Player Denial of Service
Adobe Flash Player Denial of Service
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Affected: Adobe Flash Player
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2010-2884; https://web.archive.org/web/20150108035644/https://www.fireeye.com/blog/threat-re
Red Hat
Flash: crash or potential arbitrary code execution (APSB10-22)
vendor_redhat·2010-09-13·CVSS 9.3
CVE-2010-2884 [CRITICAL] Flash: crash or potential arbitrary code execution (APSB10-22)
Flash: crash or potential arbitrary code execution (APSB10-22)
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Package: acroread (Red Hat Enterprise Linux 6) - Not affected
Package: flash-plugin (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
acroread: multiple code execution flaws (APSB10-21)
bugzilla·2010-10-04·CVSS 7.3
CVE-2010-2883 [HIGH] acroread: multiple code execution flaws (APSB10-21)
acroread: multiple code execution flaws (APSB10-21)
Adobe security bulletin APSB10-21 describes multiple security flaws that can lead to arbitrary code execution when malicious PDF file is opened in Adobe Reader.
http://www.adobe.com/support/security/bulletins/apsb10-21.html
Two of the issues were previously public, as they were exploited in the wild:
This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-2883). (see bug #632267)
This update resolves a memory corruption vulnerability in the authplay.dll component that could lead to code execution (CVE-2010-2884). (see bug #633917, affects embedded Flash player)
Additional issues with possible code execution impact:
This update resolves a font-parsing input validation vulnerabil
Bugzilla
CVE-2010-2884 Adobe Flash: crash or potential arbitrary code execution (APSB10-22)
bugzilla·2010-09-14·CVSS 9.3
CVE-2010-2884 [CRITICAL] CVE-2010-2884 Adobe Flash: crash or potential arbitrary code execution (APSB10-22)
CVE-2010-2884 Adobe Flash: crash or potential arbitrary code execution (APSB10-22)
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system.
References:
http://www.adobe.com/support/security/advisories/apsa10-03.html
Discussion:
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2884 to
the following vulnerability:
Name: CVE-2010-2884
URL: http://cve.mitre.org/cgi-bin/cvena
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://secunia.com/advisories/41434http://secunia.com/advisories/41435http://secunia.com/advisories/41443http://secunia.com/advisories/41526http://secunia.com/advisories/43025http://secunia.com/advisories/43026http://security.gentoo.org/glsa/glsa-201101-08.xmlhttp://security.gentoo.org/glsa/glsa-201101-09.xmlhttp://support.apple.com/kb/HT4435http://www.adobe.com/support/security/advisories/apsa10-03.htmlhttp://www.adobe.com/support/security/bulletins/apsb10-21.htmlhttp://www.adobe.com/support/security/bulletins/apsb10-22.htmlhttp://www.kb.cert.org/vuls/id/275289http://www.redhat.com/support/errata/RHSA-2010-0706.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0743.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-263A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-279A.htmlhttp://www.vupen.com/english/advisories/2010/2348http://www.vupen.com/english/advisories/2010/2349http://www.vupen.com/english/advisories/2011/0191http://www.vupen.com/english/advisories/2011/0192https://exchange.xforce.ibmcloud.com/vulnerabilities/61771https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6852http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://secunia.com/advisories/41434http://secunia.com/advisories/41435http://secunia.com/advisories/41443http://secunia.com/advisories/41526http://secunia.com/advisories/43025http://secunia.com/advisories/43026http://security.gentoo.org/glsa/glsa-201101-08.xmlhttp://security.gentoo.org/glsa/glsa-201101-09.xmlhttp://support.apple.com/kb/HT4435http://www.adobe.com/support/security/advisories/apsa10-03.htmlhttp://www.adobe.com/support/security/bulletins/apsb10-21.htmlhttp://www.adobe.com/support/security/bulletins/apsb10-22.htmlhttp://www.kb.cert.org/vuls/id/275289http://www.redhat.com/support/errata/RHSA-2010-0706.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0743.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-263A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-279A.htmlhttp://www.vupen.com/english/advisories/2010/2348http://www.vupen.com/english/advisories/2010/2349http://www.vupen.com/english/advisories/2011/0191http://www.vupen.com/english/advisories/2011/0192https://exchange.xforce.ibmcloud.com/vulnerabilities/61771https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6852
2010-09-15
Published
Exploited in the wild