Memory corruption in Adobe Flash Player and Adobe AIR - CVE-2010-3654
Published: January 31, 2017 / Updated: November 20, 2020
Vulnerability identifier: #VU5540
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2010-3654
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Adobe
Affected software:
Adobe Flash Player
Adobe AIR
Adobe Flash Player
Adobe AIR
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary when processing .swf files in Adobe Flash Player. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited via specially crafted .pdf files.
How to mitigate CVE-2010-3654
Update Flash Player to version 10.1.102.64.
Update Flash Player for Android to version 10.1.105.6.
Update AIR to version 2.5.1.
Update Flash CS3 Professional and Flex 3 to version 9.0.289.0.
Update Flash Player for Android to version 10.1.105.6.
Update AIR to version 2.5.1.
Update Flash CS3 Professional and Flex 3 to version 9.0.289.0.