Sign-up

ID

VAR-201011-0244


CVE

CVE-2010-3652


TITLE

Adobe Flash Player Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002336

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.1.102.64" References ========== [ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201101-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For more information: SA38547 SA40026 SA40907 SA41434 SA41917 SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA41917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Adobe plans to release a fixed version on November 9, 2010. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. For more information: SA41917 SOLUTION: Updated packages are available via Red Hat Network

Trust: 2.43

sources: NVD: CVE-2010-3652 // JVNDB: JVNDB-2010-002336 // BID: 44687 // VULHUB: VHN-46257 // PACKETSTORM: 97654 // PACKETSTORM: 97735 // PACKETSTORM: 97788 // PACKETSTORM: 95253 // PACKETSTORM: 95657

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:gteversion:9.0

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:10.1.95.1

Trust: 1.0

vendor:adobemodel:flash playerscope:gteversion:10.0

Trust: 1.0

vendor:adobemodel:flash playerscope:ltversion:9.0.289.0

Trust: 1.0

vendor:adobemodel:flash playerscope:ltversion:10.1.102.64

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.1.95.1

Trust: 0.9

vendor:adobemodel:flash playerscope:eqversion:10.1.95.2

Trust: 0.9

vendor:adobemodel:flash playerscope:eqversion:10.1.53.64

Trust: 0.9

vendor:adobemodel:flash playerscope:eqversion:10.1.85.3

Trust: 0.9

vendor:adobemodel:flash playerscope:eqversion:10.1.82.76

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:adobemodel:airscope:lteversion:2.0.4

Trust: 0.8

vendor:adobemodel:flashscope:eqversion:cs3 professional

Trust: 0.8

vendor:adobemodel:flashscope:eqversion:cs4 professional

Trust: 0.8

vendor:adobemodel:flashscope:eqversion:professional cs5

Trust: 0.8

vendor:adobemodel:flash playerscope:lteversion:10.1.85.3

Trust: 0.8

vendor:adobemodel:flash playerscope:lteversion:10.1.95.1 for android

Trust: 0.8

vendor:adobemodel:flexscope:eqversion:3

Trust: 0.8

vendor:adobemodel:flexscope:eqversion:4

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11 express

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4 extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4.8.z extras

Trust: 0.8

vendor:red hatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel supplementaryscope:eqversion:5 (server)

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:10.1.92.8

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:10.1.52.14.1

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:10.1.52.15

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:10.0.45.2

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:9.0.246.0

Trust: 0.3

vendor:adobemodel:airscope:neversion:2.5.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.35

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.115.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.280

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:redhatmodel:desktop extrasscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.51.66

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:redhatmodel:enterprise linux as extrasscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.2460

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2.12610

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0.0.96

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.28.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.260.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.32.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.277.0

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.36

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.01

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.3218

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9130

Trust: 0.3

vendor:redhatmodel:enterprise linux extrasscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:hpmodel:systems insight managerscope:neversion:6.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9120

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:9.0.289.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.124.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.152.0

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:10.1.105.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.22.87

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:susemodel:linux enterprise desktopscope:eqversion:11

Trust: 0.3

vendor:redhatmodel:enterprise linux ws extrasscope:eqversion:4

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.452

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.159.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.151.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux es extrasscope:eqversion:4

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.15.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:10.1.102.64

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.31.0

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.47.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.45.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.42.34

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.48.0

Trust: 0.3

vendor:adobemodel:flash player release candidascope:eqversion:10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

sources: BID: 44687 // JVNDB: JVNDB-2010-002336 // CNNVD: CNNVD-201011-075 // NVD: CVE-2010-3652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3652
value: HIGH

Trust: 1.0

NVD: CVE-2010-3652
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201011-075
value: CRITICAL

Trust: 0.6

VULHUB: VHN-46257
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-3652
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46257
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46257 // JVNDB: JVNDB-2010-002336 // CNNVD: CNNVD-201011-075 // NVD: CVE-2010-3652

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-3652

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 97735 // CNNVD: CNNVD-201011-075

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201011-075

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002336

PATCH
title:APSB10-26url:http://www.adobe.com/support/security/bulletins/apsb10-26.html
Trust: 0.8
title:cpsid_87813url:http://kb2.adobe.com/jp/cps/878/cpsid_87813.html
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
title:RHSA-2010:0829url:https://rhn.redhat.com/errata/RHSA-2010-0829.html
Trust: 0.8
title:RHSA-2010:0834url:https://rhn.redhat.com/errata/RHSA-2010-0834.html
Trust: 0.8
title:RHSA-2010:0867url:https://rhn.redhat.com/errata/RHSA-2010-0867.html
Trust: 0.8
title:multiple_vulnerabilities_in_adobe_flash1url:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
Trust: 0.8
title:flash-player-10.1.10 2.64-0.1.1.i586url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35063
Trust: 0.6
title:MacOSXUpdCombo10.6.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35062
Trust: 0.6
title:install_flash_player_10.1.102.64url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35061
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-002336 // 
            
            
            
            CNNVD: CNNVD-201011-075

EXTERNAL IDS
db:NVDid:CVE-2010-3652
Trust: 2.9
db:BIDid:44687
Trust: 2.8
db:VUPENid:ADV-2010-2903
Trust: 2.5
db:SECUNIAid:42926
Trust: 1.8
db:SECUNIAid:42183
Trust: 1.8
db:SECUNIAid:43026
Trust: 1.8
db:VUPENid:ADV-2011-0173
Trust: 1.7
db:VUPENid:ADV-2010-2918
Trust: 1.7
db:VUPENid:ADV-2010-2906
Trust: 1.7
db:VUPENid:ADV-2011-0192
Trust: 1.7
db:SECUNIAid:41917
Trust: 0.9
db:JVNDBid:JVNDB-2010-002336
Trust: 0.8
db:CNNVDid:CNNVD-201011-075
Trust: 0.7
db:VULHUBid:VHN-46257
Trust: 0.1
db:PACKETSTORMid:97654
Trust: 0.1
db:PACKETSTORMid:97735
Trust: 0.1
db:PACKETSTORMid:97788
Trust: 0.1
db:PACKETSTORMid:95253
Trust: 0.1
db:PACKETSTORMid:95657
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46257 // 
            
            
            
            BID: 44687 // 
            
            
            
            JVNDB: JVNDB-2010-002336 // 
            
            
            
            PACKETSTORM: 97654 // 
            
            
            
            PACKETSTORM: 97735 // 
            
            
            
            PACKETSTORM: 97788 // 
            
            
            
            PACKETSTORM: 95253 // 
            
            
            
            PACKETSTORM: 95657 // 
            
            
            
            CNNVD: CNNVD-201011-075 // 
            
            
            
            NVD: CVE-2010-3652

REFERENCES
url:http://www.securityfocus.com/bid/44687
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/2903
Trust: 2.5
url:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
Trust: 2.1
url:http://www.adobe.com/support/security/bulletins/apsb10-26.html
Trust: 2.1
url:http://security.gentoo.org/glsa/glsa-201101-09.xml
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht4435
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11965
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15284
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2010-0829.html
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2010-0834.html
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2010-0867.html
Trust: 1.7
url:http://secunia.com/advisories/42183
Trust: 1.7
url:http://secunia.com/advisories/42926
Trust: 1.7
url:http://secunia.com/advisories/43026
Trust: 1.7
url:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/2906
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/2918
Trust: 1.7
url:http://www.vupen.com/english/advisories/2011/0173
Trust: 1.7
url:http://www.vupen.com/english/advisories/2011/0192
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=130331642631603&w=2
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652
Trust: 0.9
url:http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2010/at100029.txt
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3652
Trust: 0.8
url:http://secunia.com/advisories/41917
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/#topics
Trust: 0.8
url:http://secunia.com/products/corporate/evm/
Trust: 0.4
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.4
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.4
url:http://secunia.com/products/corporate/vim/
Trust: 0.4
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.4
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.4
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.4
url:http://www.adobe.com/products/flash/
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=130331642631603&w=2
Trust: 0.1
url:http://secunia.com/advisories/42926/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42926
Trust: 0.1
url:http://secunia.com/advisories/42926/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2182
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2166
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215
Trust: 0.1
url:http://www.adobe.com/support/security/bulletins/apsb10-14.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2171
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2160
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2181
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-4546
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1297
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2163
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2180
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2176
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2164
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0187
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0209
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3793
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2179
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2165
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2172
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216
Trust: 0.1
url:http://www.adobe.com/support/security/bulletins/apsb10-16.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2173
Trust: 0.1
url:http://www.adobe.com/support/security/bulletins/apsb10-06.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2169
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2161
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0186
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2174
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2178
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2170
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2177
Trust: 0.1
url:http://security.gentoo.org/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2162
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170
Trust: 0.1
url:http://www.adobe.com/support/security/bulletins/apsb10-22.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2175
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2167
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:http://secunia.com/advisories/43026/
Trust: 0.1
url:http://secunia.com/advisories/43026/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43026
Trust: 0.1
url:http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
Trust: 0.1
url:http://secunia.com/advisories/41917/#comments
Trust: 0.1
url:http://secunia.com/advisories/41917/
Trust: 0.1
url:http://www.adobe.com/support/security/advisories/apsa10-05.html
Trust: 0.1
url:http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42183
Trust: 0.1
url:http://secunia.com/advisories/42183/#comments
Trust: 0.1
url:https://rhn.redhat.com/errata/rhsa-2010-0829.html
Trust: 0.1
url:http://secunia.com/advisories/42183/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46257 // 
            
            
            
            BID: 44687 // 
            
            
            
            JVNDB: JVNDB-2010-002336 // 
            
            
            
            PACKETSTORM: 97654 // 
            
            
            
            PACKETSTORM: 97735 // 
            
            
            
            PACKETSTORM: 97788 // 
            
            
            
            PACKETSTORM: 95253 // 
            
            
            
            PACKETSTORM: 95657 // 
            
            
            
            CNNVD: CNNVD-201011-075 // 
            
            
            
            NVD: CVE-2010-3652

CREDITS
Will Dormman of CERT
Trust: 0.9
sources:
            
            
            BID: 44687 // 
            
            
            
            CNNVD: CNNVD-201011-075

SOURCES
db:VULHUBid:VHN-46257
db:BIDid:44687
db:JVNDBid:JVNDB-2010-002336
db:PACKETSTORMid:97654
db:PACKETSTORMid:97735
db:PACKETSTORMid:97788
db:PACKETSTORMid:95253
db:PACKETSTORMid:95657
db:CNNVDid:CNNVD-201011-075
db:NVDid:CVE-2010-3652

LAST UPDATE DATE
2024-08-14T12:28:43.039000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-46257date:2019-10-09T00:00:00
db:BIDid:44687date:2015-03-19T08:33:00
db:JVNDBid:JVNDB-2010-002336date:2011-02-02T00:00:00
db:CNNVDid:CNNVD-201011-075date:2019-10-17T00:00:00
db:NVDid:CVE-2010-3652date:2024-05-17T16:54:47.760

SOURCES RELEASE DATE
db:VULHUBid:VHN-46257date:2010-11-07T00:00:00
db:BIDid:44687date:2010-11-04T00:00:00
db:JVNDBid:JVNDB-2010-002336date:2010-11-24T00:00:00
db:PACKETSTORMid:97654date:2011-01-19T04:51:35
db:PACKETSTORMid:97735date:2011-01-21T21:15:05
db:PACKETSTORMid:97788date:2011-01-24T07:05:29
db:PACKETSTORMid:95253date:2010-10-29T05:44:30
db:PACKETSTORMid:95657date:2010-11-09T02:06:41
db:CNNVDid:CNNVD-201011-075date:2010-11-10T00:00:00
db:NVDid:CVE-2010-3652date:2010-11-07T22:00:02.503