1. Summary

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

2. Affected Software Versions

- Adobe Flash Player 10.0.45.2 and earlier version

- Adobe Flash Player 9.0.262 and earlier version

- Adobe Reader 9.3.2 and earlier version

- Adobe Acrobat 9.3.2 and earlier version

3. Non-Affected Software Versions

- Adobe Acrobat 8.x

- Adobe Reader 8.x

4. Temporary solution

[Adobe Flash Player]
- Untill official update release, Adobe recommends to upgrade Flash Player 10.1 RC(Release Candidate).

* Download link: http://labs.adobe.com/downloads/flashplayer10.html#flashplayer10

[Adobe Reader & Acrobat]
- Adobe Reader and Acrobat users need to delete or change the name of vulnerable file(authplay.dll).

- Windows user can find 'authplay.dll' file from below path.

* C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
* C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll