RCE in Adobe Adobe_air

CVE-2010-0187

Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.553 (98.1th percentile) — read the EPSS interpretation.

Affected products

Adobe Adobe_air — versions 1.0, 1.5.1, 1.5.2
Adobe Flash_player — versions 7.0.63, 7.2, 7.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

APPLE-SA-2010-06-15-1 (vendor-advisory, x_refsource_APPLE)
SUSE-SR:2010:006 (vendor-advisory, x_refsource_SUSE)
psirt@adobe.com (x_refsource_MISC)
38547 (x_refsource_SECUNIA, third-party-advisory)
38915 (x_refsource_SECUNIA, third-party-advisory)
40220 (x_refsource_SECUNIA, third-party-advisory)
43026 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201101-09 (vendor-advisory, x_refsource_GENTOO)
1023585 (vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (x_refsource_CONFIRM)