Adobe Reader authplay.dll newfunction Memory Corruption

Added: 06/17/2010
CVE: CVE-2010-1297
BID: 40586
OSVDB: 65141

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A memory corruption vulnerability in authplay.dll, which ships with Adobe Reader 9.3.2 and earlier 9.x versions, allows command execution when a user opens a specially crafted PDF file. The PDF contains Shockwave Flash (SWF) content that calls the newfunction() function with invalid parameters.

Resolution

Apply the patches referenced in APSA10-01 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.

References

http://secunia.com/advisories/40034

Limitations

Exploit works on Adobe Reader 9.3.0.

The user must open the exploit file in Adobe Reader.

Platforms

Windows
