A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions could cause a crash and potentially allow an attacker to take control of the affected system.
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.
Adobe has released a product update to Adobe Flash Player to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-14.
Adobe has released product updates to Adobe Reader and Acrobat to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-15.
Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated scheduled we do not plan to release any new updates for Adobe Reader and Acrobat on July 13, 2010.
Affected software versions
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX
Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable.
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html