Signature Detail

HTTP: Adobe Flash Player DefineFunction2 Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Extended Description

Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it.

Affected Products

• Adobe air 1.0
• Adobe air 1.01
• Adobe air 1.1
• Adobe air 1.5
• Adobe air 1.5.1
• Adobe air 1.5.2
• Adobe air 1.5.3
• Adobe air 1.5.3.9120
• Adobe air 1.5.3.9130
• Adobe air 2.0.2
• Adobe air 2.0.2.12610
• Adobe air 2.0.3
• Adobe air 2.0.3
• Adobe air 2.0.4
• Adobe flash_player 10
• Adobe flash_player 10.0.0.584
• Adobe flash_player 10.0.12.10
• Adobe flash_player 10.0.12 .35
• Adobe flash_player 10.0.12 .36
• Adobe flash_player 10.0.15 .3
• Adobe flash_player 10.0.22.87
• Adobe flash_player 10.0.32 18
• Adobe flash_player 10.0.32.18
• Adobe flash_player 10.0.42.34
• Adobe flash_player 10.0.45 2
• Adobe flash_player 10.0.45 2
• Adobe flash_player 10.0.45.2
• Adobe flash_player 10.1.51.66
• Adobe flash_player 10.1.53.64
• Adobe flash_player 10.1.82.76
• Adobe flash_player 10.1.85.3
• Adobe flash_player 10.1.92.10
• Adobe flash_player 10.1.92.10
• Adobe flash_player 10.1.95.1
• Adobe flash_player 10.1.95.2
• Adobe flash_player 10.1 Release Candidate
• Adobe flash_player 9
• Adobe flash_player 9.0.112.0
• Adobe flash_player 9.0.114.0
• Adobe flash_player 9.0.115.0
• Adobe flash_player 9.0.124.0
• Adobe flash_player 9.0.125.0
• Adobe flash_player 9.0.151 .0
• Adobe flash_player 9.0.152 .0
• Adobe flash_player 9.0.159.0
• Adobe flash_player 9.0.16
• Adobe flash_player 9.0.18D60
• Adobe flash_player 9.0.20
• Adobe flash_player 9.0.20.0
• Adobe flash_player 9.0.246 0
• Adobe flash_player 9.0.246.0
• Adobe flash_player 9.0.260.0
• Adobe flash_player 9.0.262
• Adobe flash_player 9.0.277.0
• Adobe flash_player 9.0.280
• Adobe flash_player 9.0.28.0
• Adobe flash_player 9.0.28.0
• Adobe flash_player 9.0.31.0
• Adobe flash_player 9.0.31.0
• Adobe flash_player 9.0.45.0
• Adobe flash_player 9.0.47.0
• Adobe flash_player 9.0.48.0
• Adobe flash_player 9.125.0
• Apple mac_os_x 10.5
• Apple mac_os_x 10.5.0
• Apple mac_os_x 10.5.1
• Apple mac_os_x 10.5.2
• Apple mac_os_x 10.5.3
• Apple mac_os_x 10.5.4
• Apple mac_os_x 10.5.5
• Apple mac_os_x 10.5.6
• Apple mac_os_x 10.5.7
• Apple mac_os_x 10.5.8
• Apple mac_os_x 10.6
• Apple mac_os_x 10.6.1
• Apple mac_os_x 10.6.2
• Apple mac_os_x 10.6.3
• Apple mac_os_x 10.6.4
• Apple mac_os_x_server 10.5
• Apple mac_os_x_server 10.5.0
• Apple mac_os_x_server 10.5.1
• Apple mac_os_x_server 10.5.2
• Apple mac_os_x_server 10.5.3
• Apple mac_os_x_server 10.5.4
• Apple mac_os_x_server 10.5.5
• Apple mac_os_x_server 10.5.6
• Apple mac_os_x_server 10.5.7
• Apple mac_os_x_server 10.5.8
• Apple mac_os_x_server 10.6
• Apple mac_os_x_server 10.6.1
• Apple mac_os_x_server 10.6.2
• Apple mac_os_x_server 10.6.3
• Apple mac_os_x_server 10.6.4
• Gentoo linux
• Hp systems_insight_manager 6.0
• Hp systems_insight_manager 6.0.0.96
• Hp systems_insight_manager 6.1
• Hp systems_insight_manager 6.2
• Red_hat desktop_extras 4
• Red_hat enterprise_linux_as_extras 4
• Red_hat enterprise_linux_desktop_supplementary 5 Client
• Red_hat enterprise_linux_es_extras 4
• Red_hat enterprise_linux_extras 4
• Red_hat enterprise_linux_supplementary 5 Server
• Red_hat enterprise_linux_ws_extras 4
• Sun solaris 10 Sparc
• Sun solaris 10 X86
• Sun solaris 11
• Sun solaris 11 Express
• Suse opensuse 11.1
• Suse opensuse 11.2
• Suse opensuse 11.3
• Suse suse_linux_enterprise_desktop 11
• Suse suse_linux_enterprise_desktop 11 SP1

References

• BugTraq: 44682
• CVE: CVE-2010-3646