Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Adobe Zero-Day Exploit in the wild (CVE-2010-1297)

    • Updated:
    • 16 Oct 2015
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Viruswall for SMB (Windows) 6.0
    • InterScan Web Security Suite 3.1 Linux
    • InterScan Web Security Suite 3.1 Windows
    • ScanMail for Lotus Domino 5.0 Windows
    • Trend Micro Security for Mac 1.5
    • Trend Micro Security for Mac 2.0
    • Worry-Free Business Security Standard/Advanced 7.0
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 3 64-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE version 10
    • Linux - SuSE version 9
    • Macintosh Leopard
    • Macintosh Snow Leopard
    • Macintosh Tiger
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 7 (SunOS 5.7)
    • Unix - Solaris (Sun) version 8 (SunOS 5.8)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • Windows 2000 Advanced Server
    • Windows 2000 Datacenter Server
    • Windows 2000 Professional
    • Windows 2000 Server
    • Windows 2000 Small Business Server
    • Windows 2003 Datacenter Server
    • Windows 2003 Datacenter Server Edition 64-bit
    • Windows 2003 Enterprise Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Standard Server Edition 64-bit
    • Windows 2003 Storage Server
    • Windows 2003 Web Server Edition
    • Windows 2008 Datacenter Server
    • Windows 2008 Datacenter Server Edition 64-bit
    • Windows 2008 Enterprise Server
    • Windows 2008 Enterprise Server Edition 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 2008 Standard Server Edition
    • Windows 2008 Standard Server Edition 64-bit
    • Windows 2008 Storage Server
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier version for Windows, Macintosh, Linux and Solaris operating systems. The authplay.dll component that is shipped with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems said to be vulnerable.

This vulnerability (CVE-2010-1297) can cause a crash and can potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both the Adobe Flash Player, and Adobe Reader and Acrobat.

Here are the affected software versions:

  • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
 
The following are confirmed not vulnerable:
Details
Public

Trend Micro recommends the following actions to avoid or contain this issue:

  • Update to the latest pattern file. Trend Micro can already detect the malicious PDF as TROJ_PIDIEF.WX since CPR 7.222.02.
  • Apply the latest patch from Adobe or upgrade to the latest version/build of the affected Adobe applications.

Below are additional information about this vulnerability:

Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1055909
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.