Intrusion Prevention

Adobe.Flash.Player.SetTarget.Instruction.Memory.Corruption

Description

This indicates an attack attempt to exploit a memory-corruption vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles a Flash file with malformed DoAction tag. It allows a remote attacker to crash the application via sending a crafted Flash file.

Affected Products

Adobe Flash Player 10.1.53 .64
Adobe Flash Player 10.1.51 .66
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.0.32 18
Adobe Flash Player 10.0.22 .87
Adobe Flash Player 10.0.15 .3
Adobe Flash Player 10.0.12 .36
Adobe Flash Player 10.0.12 .35
Adobe Flash Player 9.0.262
Adobe Flash Player 9.0.246 0
Adobe Flash Player 9.0.152 .0
Adobe Flash Player 9.0.151 .0
Adobe Flash Player 9.0.124 .0
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.280
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.277.0
Adobe Flash Player 9.0.260.0
Adobe Flash Player 9.0.246.0
Adobe Flash Player 9.0.159.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9
Adobe Flash Player 10.1.95.2
Adobe Flash Player 10.1.95.1
Adobe Flash Player 10.1.92.10
Adobe Flash Player 10.1.92.10
Adobe Flash Player 10.1.85.3
Adobe Flash Player 10.1.82.76
Adobe Flash Player 10.1 Release Candida
Adobe Flash Player 10.0.42.34
Adobe Flash Player 10.0.32.18
Adobe Flash Player 10
Adobe AIR 2.0.4
Adobe AIR 2.0.3
Adobe AIR 1.5.3 .9130
Adobe AIR 1.5.3 .9120
Adobe AIR 1.5.3
Adobe AIR 1.5.2
Adobe AIR 1.5.1
Adobe AIR 2.0.3
Adobe AIR 2.0.2.12610
Adobe AIR 2.0.2
Adobe AIR 1.5
Adobe AIR 1.1
Adobe AIR 1.01
Adobe AIR 1.0

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb10-26.html

CVE References

CVE-2010-3648