Adobe Reader authplay.dll newfunction Memory Corruption
Added: 06/17/2010CVE: CVE-2010-1297
BID: 40586
OSVDB: 65141
Background
Adobe Reader is free software for viewing PDF documents.Problem
A memory corruption vulnerability in authplay.dll provided with Adobe Reader 9.3.2 and earlier 9.x versions allows command execution when a user opens a specially crafted PDF file that contains Shockwave Flash (SWF) content that calls the newfunction() function with invalid parameters.Resolution
Apply the patches referenced in APSA10-01 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.References
http://secunia.com/advisories/40034Limitations
Exploit works on Adobe Reader 9.3.0.The user must open the exploit file in Adobe Reader.
Platforms
WindowsBack to exploit index