CVE-2010-3636:flash_player: Adobe Flash Player before 9.0.289.0 and 10.x before...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3636

flash_player: Adobe Flash Player before 9.0.289.0 and 10.x before...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3636

Original

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-07

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-09

Affected Product Tags

cpe:/a:adobe:flash_player:10.1.92.10 and previous versions

cpe:/a:adobe:flash_player:10.1.95.1

cpe:/a:adobe:flash_player:9.0.28.0 and previous versions

cpe:/o:android:android

cpe:/o:apple:mac_os_x

cpe:/o:linux:linux

cpe:/o:microsoft:windows

cpe:/o:sun:solaris

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.adobe.com/support/security/bulletins/apsb10-26.html

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)