Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
AnalysisAI
Adobe Flash Player 10.2 and earlier across all platforms contain an unspecified vulnerability allowing remote code execution, exploited in the wild via Flash content embedded in Microsoft Office documents and web pages.
Technical ContextAI
The vulnerability in Flash Player's SWF processing engine allows attackers to achieve arbitrary code execution. The Authplay.dll/AuthPlayLib.bundle component extends the attack surface to PDF documents, since Adobe Reader renders embedded Flash content.
RemediationAI
Flash Player has reached end of life. Remove all Flash Player installations. Ensure browsers block Flash content. Use PDF readers that don't support Flash embedding.
More from same product – last 7 days
Unauthenticated arbitrary file upload in Amasty Order Attributes for Magento 2 before 4.0.0 lets remote attackers drop a
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out
Universal cross-site scripting (UXSS) in Adobe Acrobat PDF Extension for Chrome (versions 26.5.2.2 and earlier) allows r
Share
External POC / Exploit Code
Leaving vuln.today