Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010
CVE: CVE-2010-3654
BID: 44504
OSVDB: 68932

Background

Adobe Reader is free software for viewing PDF documents.

Problem

Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player.

Resolution

Apply the patches referenced in APSA10-05 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.

References

http://www.kb.cert.org/vuls/id/298081
http://secunia.com/advisories/42030/

Limitations

Exploit works on Adobe Reader 9.4.0 and the user must open the exploit file in Adobe Reader.

Platforms

Windows

Back to exploit index