CVE-2010-3654:flash_player, acrobat, acrobat_reader: Adobe Flash Player 10.1.85.3 and earlier on Windows...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3654

flash_player, acrobat, acrobat_reader: Adobe Flash Player 10.1.85.3 and earlier on Windows...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654

Original

Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.95.2 and earlier on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-29

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-01

Affected Product Tags

cpe:/a:adobe:acrobat:9.0

cpe:/a:adobe:acrobat:9.1

cpe:/a:adobe:acrobat:9.1.1

cpe:/a:adobe:acrobat:9.1.2

cpe:/a:adobe:acrobat:9.1.3

cpe:/a:adobe:acrobat:9.2

cpe:/a:adobe:acrobat:9.3

cpe:/a:adobe:acrobat:9.3.1

cpe:/a:adobe:acrobat:9.3.2

cpe:/a:adobe:acrobat:9.3.3

cpe:/a:adobe:acrobat:9.3.4

cpe:/a:adobe:acrobat:9.4

cpe:/a:adobe:acrobat_reader:9.0

cpe:/a:adobe:acrobat_reader:9.1

cpe:/a:adobe:acrobat_reader:9.1.1

cpe:/a:adobe:acrobat_reader:9.1.2

cpe:/a:adobe:acrobat_reader:9.1.3

cpe:/a:adobe:acrobat_reader:9.2

cpe:/a:adobe:acrobat_reader:9.3

cpe:/a:adobe:acrobat_reader:9.3.1

cpe:/a:adobe:acrobat_reader:9.3.2

cpe:/a:adobe:acrobat_reader:9.3.3

cpe:/a:adobe:acrobat_reader:9.3.4

cpe:/a:adobe:acrobat_reader:9.4

cpe:/a:adobe:flash_player:10.0.0.584

cpe:/a:adobe:flash_player:10.0.12.10

cpe:/a:adobe:flash_player:10.0.12.36

cpe:/a:adobe:flash_player:10.0.15.3

cpe:/a:adobe:flash_player:10.0.22.87

cpe:/a:adobe:flash_player:10.0.32.18

cpe:/a:adobe:flash_player:10.0.42.34

cpe:/a:adobe:flash_player:10.0.45.2

cpe:/a:adobe:flash_player:10.1.52.14.1

cpe:/a:adobe:flash_player:10.1.52.15

cpe:/a:adobe:flash_player:10.1.53.64

cpe:/a:adobe:flash_player:10.1.82.76

cpe:/a:adobe:flash_player:10.1.85.3

cpe:/a:adobe:flash_player:10.1.85.3 and previous versions

cpe:/a:adobe:flash_player:10.1.92.10

cpe:/a:adobe:flash_player:10.1.92.8

cpe:/a:adobe:flash_player:10.1.95.2 and previous versions

cpe:/a:adobe:flash_player:6.0.21.0

cpe:/a:adobe:flash_player:6.0.79

cpe:/a:adobe:flash_player:7.0

cpe:/a:adobe:flash_player:7.0.1

cpe:/a:adobe:flash_player:7.0.25

cpe:/a:adobe:flash_player:7.0.63

cpe:/a:adobe:flash_player:7.0.69.0

cpe:/a:adobe:flash_player:7.0.70.0

cpe:/a:adobe:flash_player:7.1

cpe:/a:adobe:flash_player:7.1.1

cpe:/a:adobe:flash_player:7.2

cpe:/a:adobe:flash_player:8.0

cpe:/a:adobe:flash_player:8.0.22.0

cpe:/a:adobe:flash_player:8.0.24.0

cpe:/a:adobe:flash_player:8.0.33.0

cpe:/a:adobe:flash_player:8.0.34.0

cpe:/a:adobe:flash_player:8.0.35.0

cpe:/a:adobe:flash_player:8.0.39.0

cpe:/a:adobe:flash_player:8.0.42.0

cpe:/a:adobe:flash_player:9.0.112.0

cpe:/a:adobe:flash_player:9.0.114.0

cpe:/a:adobe:flash_player:9.0.115.0

cpe:/a:adobe:flash_player:9.0.124.0

cpe:/a:adobe:flash_player:9.0.125.0

cpe:/a:adobe:flash_player:9.0.151.0

cpe:/a:adobe:flash_player:9.0.152.0

cpe:/a:adobe:flash_player:9.0.159.0

cpe:/a:adobe:flash_player:9.0.16

cpe:/a:adobe:flash_player:9.0.18d60

cpe:/a:adobe:flash_player:9.0.20

cpe:/a:adobe:flash_player:9.0.20.0

cpe:/a:adobe:flash_player:9.0.246.0

cpe:/a:adobe:flash_player:9.0.260.0

cpe:/a:adobe:flash_player:9.0.28

cpe:/a:adobe:flash_player:9.0.28.0

cpe:/a:adobe:flash_player:9.0.31

cpe:/a:adobe:flash_player:9.0.31.0

cpe:/a:adobe:flash_player:9.0.45.0

cpe:/a:adobe:flash_player:9.0.47.0

cpe:/a:adobe:flash_player:9.0.48.0

cpe:/a:adobe:flash_player:9.125.0

cpe:/a:macromedia:flash_player:5.0

cpe:/a:macromedia:flash_player:5.0_r50

cpe:/a:macromedia:flash_player:6.0

cpe:/a:macromedia:flash_player:6.0.29.0

cpe:/a:macromedia:flash_player:6.0.40.0

cpe:/a:macromedia:flash_player:6.0.47.0

cpe:/a:macromedia:flash_player:6.0.65.0

cpe:/a:macromedia:flash_player:6.0.79.0

cpe:/o:apple:mac_os_x

cpe:/o:google:android

cpe:/o:linux:linux_kernel

cpe:/o:microsoft:windows

cpe:/o:oracle:solaris

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

VU#298081

BID 44504

CONFIRM http://www.adobe.com/support/security/advisories/apsa10-05.html

MISC http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

SECUNIA 41917

Vulnerability Type Buffer Errors (CWE-119)