ID

VAR-201011-0231


CVE

CVE-2010-3638


TITLE

Vulnerability in Adobe Flash Player running on Mac OS X that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-002322

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

NOTE: This issue only affects Apple Safari running on Mac OS X.

NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it.

Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.

This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

For more information: SA41917

SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.

----------------------------------------------------------------------

TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID: SA41917

VERIFY ADVISORY: http://secunia.com/advisories/41917/

RELEASE DATE: 2010-10-29

DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code. The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected. NOTE: The vulnerability is currently being actively exploited.

SOLUTION: Adobe plans to release a fixed version on November 9, 2010.

PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.

ORIGINAL ADVISORY:
Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

Trust: 2.16

sources: NVD: CVE-2010-3638 // JVNDB: JVNDB-2010-002322 // BID: 44693 // VULHUB: VHN-46243 // PACKETSTORM: 95570 // PACKETSTORM: 95253

AFFECTED PRODUCTS

vendor: adobe | model: flash player | scope: eq | version: 10.1.95.1 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.1.95.2 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.0.32.18 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.1.53.64 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.1.85.3 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.1.82.76 | Trust: 1.9
vendor: adobe | model: flash player | scope: eq | version: 10.1.92.8 | Trust: 1.6
vendor: adobe | model: flash player | scope: eq | version: 10.1.52.14.1 | Trust: 1.6
vendor: adobe | model: flash player | scope: eq | version: 10.1.52.15 | Trust: 1.6
vendor: adobe | model: flash player | scope: eq | version: 10.0.45.2 | Trust: 1.6
vendor: adobe | model: flash player | scope: eq | version: 9.0.246.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.115.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.28.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.260.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.12.36 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.124.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.152.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.22.87 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.159.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.151.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.15.3 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.31.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.47.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.45.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.42.34 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.48.0 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 10.1.92.10 | Trust: 1.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.112.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.114.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.18d60 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 10.0.0.584 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.125.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.20 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.28 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.16 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.31 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.262.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.20.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 9.0.155.0 | Trust: 1.0
vendor: adobe | model: flash player | scope: eq | version: 10.0.12.10 | Trust: 1.0
vendor: adobe | model: flash player | scope: lte | version: 9.0.277.0 | Trust: 1.0
vendor: apple | model: mac os x | scope: eq | version: v10.5.8 | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.6 to v10.6.4 | Trust: 0.8
vendor: apple | model: mac os x server | scope: eq | version: v10.5.8 | Trust: 0.8
vendor: apple | model: mac os x server | scope: eq | version: v10.6 to v10.6.4 | Trust: 0.8
vendor: adobe | model: air | scope: lte | version: 2.0.4 | Trust: 0.8
vendor: adobe | model: flash | scope: eq | version: cs3 professional | Trust: 0.8
vendor: adobe | model: flash | scope: eq | version: cs4 professional | Trust: 0.8
vendor: adobe | model: flash | scope: eq | version: professional cs5 | Trust: 0.8
vendor: adobe | model: flash player | scope: lte | version: 10.1.85.3 | Trust: 0.8
vendor: adobe | model: flash player | scope: lte | version: 10.1.95.1 for android | Trust: 0.8
vendor: adobe | model: flex | scope: eq | version: 3 | Trust: 0.8
vendor: adobe | model: flex | scope: eq | version: 4 | Trust: 0.8
vendor: adobe | model: air | scope: ne | version: 2.5.1 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.12.35 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.280 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.6 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 10.1.51.66 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.7 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.4 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.2 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 2.0.2 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.1 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.2460 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.1 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.4 | Trust: 0.3
vendor: hp | model: systems insight manager | scope: eq | version: 6.1 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 2.0.2.12610 | Trust: 0.3
vendor: hp | model: systems insight manager | scope: eq | version: 6.0.0.96 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 2.0.4 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.1 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.1 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.262 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.8 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.5 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 9.0.277.0 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.2 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.3 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.01 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.3218 | Trust: 0.3
vendor: suse | model: linux enterprise desktop | scope: eq | version: 11 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5.1 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5.3.9130 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.6 | Trust: 0.3
vendor: hp | model: systems insight manager | scope: ne | version: 6.3 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.3 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.5.3.9120 | Trust: 0.3
vendor: apple | model: mac os server | scope: ne | version: x10.6.5 | Trust: 0.3
vendor: adobe | model: flash player | scope: ne | version: 9.0.289.0 | Trust: 0.3
vendor: hp | model: systems insight manager | scope: eq | version: 6.0 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5 | Trust: 0.3
vendor: adobe | model: flash player | scope: ne | version: 10.1.105.6 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.4 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.2 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.1 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.7 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 10.0.452 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 2.0.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.4 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6 | Trust: 0.3
vendor: adobe | model: air | scope: eq | version: 1.0 | Trust: 0.3
vendor: suse | model: linux enterprise desktop sp1 | scope: eq | version: 11 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 9 | Trust: 0.3
vendor: adobe | model: flash player | scope: ne | version: 10.1.102.64 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.1 | Trust: 0.3
vendor: adobe | model: flash player | scope: eq | version: 10 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.5 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.8 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.2 | Trust: 0.3
vendor: hp | model: systems insight manager | scope: eq | version: 6.2 | Trust: 0.3
vendor: adobe | model: flash player release candida | scope: eq | version: 10.1 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.2 | Trust: 0.3
vendor: suse | model: opensuse | scope: eq | version: 11.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.3 | Trust: 0.3

sources: BID: 44693 // JVNDB: JVNDB-2010-002322 // CNNVD: CNNVD-201011-088 // NVD: CVE-2010-3638

CVSS

SEVERITY

nvd@nist.gov: CVE-2010-3638
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3638
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-088
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46243
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2010-3638
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46243
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46243 // JVNDB: JVNDB-2010-002322 // CNNVD: CNNVD-201011-088 // NVD: CVE-2010-3638

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2010-002322 // NVD: CVE-2010-3638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-088

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201011-088

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002322

PATCH

title: APSB10-26 | url: http://www.adobe.com/support/security/bulletins/apsb10-26.html | Trust: 0.8
title: cpsid_87813 | url: http://kb2.adobe.com/jp/cps/878/cpsid_87813.html | Trust: 0.8
title: HT4435 | url: http://support.apple.com/kb/HT4435 | Trust: 0.8
title: HT4435 | url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP | Trust: 0.8

sources: JVNDB: JVNDB-2010-002322

EXTERNAL IDS

db: NVD | id: CVE-2010-3638 | Trust: 2.8
db: BID | id: 44693 | Trust: 2.2
db: VUPEN | id: ADV-2010-2903 | Trust: 1.9
db: SECUNIA | id: 41917 | Trust: 0.9
db: JVNDB | id: JVNDB-2010-002322 | Trust: 0.8
db: CNNVD | id: CNNVD-201011-088 | Trust: 0.7
db: SECUNIA | id: 42127 | Trust: 0.7
db: VULHUB | id: VHN-46243 | Trust: 0.1
db: PACKETSTORM | id: 95570 | Trust: 0.1
db: PACKETSTORM | id: 95253 | Trust: 0.1

sources: VULHUB: VHN-46243 // BID: 44693 // JVNDB: JVNDB-2010-002322 // PACKETSTORM: 95570 // PACKETSTORM: 95253 // CNNVD: CNNVD-201011-088 // NVD: CVE-2010-3638

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb10-26.html

Trust: 2.0

url:http://www.securityfocus.com/bid/44693

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/2903

Trust: 1.9

url:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.1

url:http://support.apple.com/kb/ht4435

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11979

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16140

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=130331642631603&w=2

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3638

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2010/at100029.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3638

Trust: 0.8

url:http://secunia.com/advisories/41917

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://secunia.com/advisories/42127

Trust: 0.6

url:http://www.adobe.com/products/flash/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/products/corporate/vim/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://marc.info/?l=bugtraq&m=130331642631603&w=2

Trust: 0.1

url:http://secunia.com/advisories/42127/#comments

Trust: 0.1

url:http://secunia.com/advisories/42127/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42127

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=41917

Trust: 0.1

url:http://secunia.com/advisories/41917/#comments

Trust: 0.1

url:http://secunia.com/advisories/41917/

Trust: 0.1

url:http://www.adobe.com/support/security/advisories/apsa10-05.html

Trust: 0.1

url:http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

Trust: 0.1

sources: VULHUB: VHN-46243 // BID: 44693 // JVNDB: JVNDB-2010-002322 // PACKETSTORM: 95570 // PACKETSTORM: 95253 // CNNVD: CNNVD-201011-088 // NVD: CVE-2010-3638

CREDITS

Erik Osterholm of Texas A&M University

Trust: 0.6

sources: CNNVD: CNNVD-201011-088

SOURCES

db: VULHUB | id: VHN-46243
db: BID | id: 44693
db: JVNDB | id: JVNDB-2010-002322
db: PACKETSTORM | id: 95570
db: PACKETSTORM | id: 95253
db: CNNVD | id: CNNVD-201011-088
db: NVD | id: CVE-2010-3638

LAST UPDATE DATE

2024-11-23T20:04:03.138000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-46243 | date: 2017-09-19T00:00:00
db: BID | id: 44693 | date: 2013-06-20T09:39:00
db: JVNDB | id: JVNDB-2010-002322 | date: 2010-11-19T00:00:00
db: CNNVD | id: CNNVD-201011-088 | date: 2010-11-10T00:00:00
db: NVD | id: CVE-2010-3638 | date: 2024-11-21T01:19:16.793

SOURCES RELEASE DATE

db: VULHUB | id: VHN-46243 | date: 2010-11-07T00:00:00
db: BID | id: 44693 | date: 2010-11-04T00:00:00
db: JVNDB | id: JVNDB-2010-002322 | date: 2010-11-19T00:00:00
db: PACKETSTORM | id: 95570 | date: 2010-11-08T10:43:58
db: PACKETSTORM | id: 95253 | date: 2010-10-29T05:44:30
db: CNNVD | id: CNNVD-201011-088 | date: 2010-11-10T00:00:00
db: NVD | id: CVE-2010-3638 | date: 2010-11-07T22:00:01.957