Buffer overflow in Adobe Acrobat
CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9…
Vulnerability class: Buffer Overflow
EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.
Affected products
- Adobe Acrobat — versions 9.1.2, 9.1.3, 9.0
- Adobe Acrobat_reader — versions 9.1.2, 9.1.3, 9.0
- Adobe Flash_player — versions 7.0.63, 7.2, 7.1.1
- Apple Mac_os_x
- Google Android
- Linux Linux_kernel
- Macromedia Flash_player — versions 6.0.47.0, 6.0.79.0, 5.0_r50
- Microsoft Windows
- Oracle Solaris
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
- 42183 (x_refsource_SECUNIA, third-party-advisory)
- psirt@adobe.com (Exploit, x_refsource_MISC)
- psirt@adobe.com (x_refsource_CONFIRM)
- 42030 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2011-0191 (vdb-entry, x_refsource_VUPEN)
- psirt@adobe.com (x_refsource_CONFIRM)
- 43025 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2011-0344 (vdb-entry, x_refsource_VUPEN)
- 43026 (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2010-3654?
- CVE-2010-3654 is a vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-10-29.
- Is CVE-2010-3654 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.