Signature Detail

HTTP: Adobe Flash Player ActionScript SetTarget Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Extended Description

Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it.

Affected Products

• Adobe AIR 1.0
• Adobe AIR 1.01
• Adobe AIR 1.1
• Adobe AIR 1.5
• Adobe AIR 1.5.1
• Adobe AIR 1.5.2
• Adobe AIR 1.5.3
• Adobe AIR 1.5.3.9120
• Adobe AIR 1.5.3.9130
• Adobe AIR 2.0.2
• Adobe AIR 2.0.2.12610
• Adobe AIR 2.0.3
• Adobe AIR 2.0.3
• Adobe AIR 2.0.4
• Adobe Flash Player 10
• Adobe Flash Player 10.0.0.584
• Adobe Flash Player 10.0.12.10
• Adobe Flash Player 10.0.12 .35
• Adobe Flash Player 10.0.12 .36
• Adobe Flash Player 10.0.15 .3
• Adobe Flash Player 10.0.22.87
• Adobe Flash Player 10.0.32 18
• Adobe Flash Player 10.0.32.18
• Adobe Flash Player 10.0.42.34
• Adobe Flash Player 10.0.45 2
• Adobe Flash Player 10.0.45 2
• Adobe Flash Player 10.0.45.2
• Adobe Flash Player 10.1.51.66
• Adobe Flash Player 10.1.53.64
• Adobe Flash Player 10.1.82.76
• Adobe Flash Player 10.1.85.3
• Adobe Flash Player 10.1.92.10
• Adobe Flash Player 10.1.92.10
• Adobe Flash Player 10.1.95.1
• Adobe Flash Player 10.1.95.2
• Adobe Flash Player 10.1 Release Candidate
• Adobe Flash Player 9
• Adobe Flash Player 9.0.112.0
• Adobe Flash Player 9.0.114.0
• Adobe Flash Player 9.0.115.0
• Adobe Flash Player 9.0.124.0
• Adobe Flash Player 9.0.125.0
• Adobe Flash Player 9.0.151 .0
• Adobe Flash Player 9.0.152 .0
• Adobe Flash Player 9.0.159.0
• Adobe Flash Player 9.0.16
• Adobe Flash Player 9.0.18D60
• Adobe Flash Player 9.0.20
• Adobe Flash Player 9.0.20.0
• Adobe Flash Player 9.0.246 0
• Adobe Flash Player 9.0.246.0
• Adobe Flash Player 9.0.260.0
• Adobe Flash Player 9.0.262
• Adobe Flash Player 9.0.277.0
• Adobe Flash Player 9.0.280
• Adobe Flash Player 9.0.28.0
• Adobe Flash Player 9.0.28.0
• Adobe Flash Player 9.0.31.0
• Adobe Flash Player 9.0.31.0
• Adobe Flash Player 9.0.45.0
• Adobe Flash Player 9.0.47.0
• Adobe Flash Player 9.0.48.0
• Adobe Flash Player 9.125.0
• Apple Mac OS X 10.5
• Apple Mac OS X 10.5.0
• Apple Mac OS X 10.5.1
• Apple Mac OS X 10.5.2
• Apple Mac OS X 10.5.3
• Apple Mac OS X 10.5.4
• Apple Mac OS X 10.5.5
• Apple Mac OS X 10.5.6
• Apple Mac OS X 10.5.7
• Apple Mac OS X 10.5.8
• Apple Mac OS X 10.6
• Apple Mac OS X 10.6.1
• Apple Mac OS X 10.6.2
• Apple Mac OS X 10.6.3
• Apple Mac OS X 10.6.4
• Apple Mac OS X Server 10.5
• Apple Mac OS X Server 10.5.0
• Apple Mac OS X Server 10.5.1
• Apple Mac OS X Server 10.5.2
• Apple Mac OS X Server 10.5.3
• Apple Mac OS X Server 10.5.4
• Apple Mac OS X Server 10.5.5
• Apple Mac OS X Server 10.5.6
• Apple Mac OS X Server 10.5.7
• Apple Mac OS X Server 10.5.8
• Apple Mac OS X Server 10.6
• Apple Mac OS X Server 10.6.1
• Apple Mac OS X Server 10.6.2
• Apple Mac OS X Server 10.6.3
• Apple Mac OS X Server 10.6.4
• Gentoo Linux
• HP Systems Insight Manager 6.0
• HP Systems Insight Manager 6.0.0.96
• HP Systems Insight Manager 6.1
• HP Systems Insight Manager 6.2
• Red Hat Desktop Extras 4
• Red Hat Enterprise Linux AS Extras 4
• Red Hat Enterprise Linux Desktop Supplementary 5 Client
• Red Hat Enterprise Linux ES Extras 4
• Red Hat Enterprise Linux Extras 4
• Red Hat Enterprise Linux Supplementary 5 Server
• Red Hat Enterprise Linux WS Extras 4
• Sun Solaris 10 Sparc
• Sun Solaris 10 X86
• Sun Solaris 11
• Sun Solaris 11 Express
• SuSE openSUSE 11.1
• SuSE openSUSE 11.2
• SuSE openSUSE 11.3
• SuSE SUSE Linux Enterprise Desktop 11
• SuSE SUSE Linux Enterprise Desktop 11 SP1

References

• BugTraq: 44684
• CVE: CVE-2010-3648