All the vulnerabilites related to adobe - flex
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados." } ], "id": "CVE-2009-1866", "lastModified": "2024-11-21T01:03:34.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.297", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/56774" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35901" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52186" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\"" }, { "lang": "es", "value": "Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizar la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, relacionados con una vulnerabilidad de puntero nulo." } ], "id": "CVE-2009-1865", "lastModified": "2024-11-21T01:03:34.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.267", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35906" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash:basic:8:*:*:*:*:*:*", "matchCriteriaId": "AE84A707-495C-4690-9E37-60D8DED51342", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash:professional:8:*:*:*:*:*:*", "matchCriteriaId": "81CE77EB-2050-4EC5-957F-90F4F96230A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash:professional:cs3:*:*:*:*:*:*", "matchCriteriaId": "5845F66C-214D-48AE-BE8B-28A19F2D757C", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E284324-E67D-4C9A-9144-D08908BBD299", "versionEndIncluding": "9.0.115.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0_r67:*:*:*:*:*:*:*", "matchCriteriaId": "7AB20235-B2F2-426E-B797-BFA361CEC488", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*", "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*", "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*", "matchCriteriaId": "5A37EB65-9EDD-41B0-ABEB-8A00232D8770", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly." }, { "lang": "es", "value": "Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero SWF con una etiqueta modificada DeclareFunction2 Actionscript, lo cual evita que un objeto sea instanciado adecuadamente." } ], "id": "CVE-2007-6019", "lastModified": "2024-11-21T00:39:11.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-09T21:05:00.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29763" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29865" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30430" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30507" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/3805" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/28694" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1019810" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/28694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "67971799-2A4E-4FD2-BF8B-5E0B82032E55", "versionEndIncluding": "10.0.12.36", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "matchCriteriaId": "A3618623-8C9F-47CA-BBF6-B0DA98CB41FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "matchCriteriaId": "9E1093EF-0A76-4757-9D8D-6808A5D95C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C", "versionEndIncluding": "10.0.15.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the \"mouse pointer display,\" related to a \"Clickjacking attack.\"" }, { "lang": "es", "value": "Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos enga\u00f1ar a un usuario para que visite una URL arbitraria a trav\u00e9s de una manipulaci\u00f3n no especificada de la \"pantalla el puntero del rat\u00f3n\", relacionada con un \"ataque de Clickjacking \"." } ], "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n\"This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)\"", "id": "CVE-2009-0522", "lastModified": "2024-11-21T01:00:09.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-26T16:17:19.937", "references": [ { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34012" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021752" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados relacionados con el an\u00e1lisis sint\u00e1ctico de una URL." } ], "id": "CVE-2009-1868", "lastModified": "2024-11-21T01:03:34.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.343", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/56776" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35902" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52185" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"clickjacking vulnerability.\"" }, { "lang": "es", "value": "Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes enga\u00f1en al usuario para (1) pulsar en un enlace o (2) completar un di\u00e1logo, relacionado con una vulnerabilidad de \"clickjacking\"." } ], "id": "CVE-2009-1867", "lastModified": "2024-11-21T01:03:34.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.313", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/56775" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35905" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados." } ], "id": "CVE-2009-1864", "lastModified": "2024-11-21T01:03:34.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.233", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35904" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52184" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
adobe | flex | 3.0.1 | |
adobe | flex_builder | 3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flex:3.0.1:*:sdk:*:*:*:*:*", "matchCriteriaId": "DDB08AFF-83FA-4D5D-8DDF-70AC8AC8275D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex_builder:3:*:*:*:*:*:*:*", "matchCriteriaId": "8764CF7F-6DD8-4C3A-9251-70B86FD76B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Flex 3 History Management en Adobe Flex 3.0.1 SDK, Flex Builder 3 y las aplicaciones generadas con \u00e9stos, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del marcador identificador al (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, o (3) no-player-detection-with-history/history/historyFrame.html en templates/html-templates/. NOTA: Firefox 2.0 y probablemente otros navegadores evitan la explotaci\u00f3n." } ], "id": "CVE-2008-2640", "lastModified": "2024-11-21T00:47:22.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-06-18T19:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/30746" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020301" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-14.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29778" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1862" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/30746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43150" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer." }, { "lang": "es", "value": "Desbordamiento de entero en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados." } ], "id": "CVE-2009-1869", "lastModified": "2024-11-21T01:03:34.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.360", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/56777" }, { "source": "cve@mitre.org", "url": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html" }, { "source": "cve@mitre.org", "url": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505467/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35907" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52181" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505467/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a \"local sandbox vulnerability.\"" }, { "lang": "es", "value": "Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes obtengan informaci\u00f3n sensible mediante vectores involucrados con el almacenamiento de un fichero SWF en el disco duro, relacionados con una vulnerabilidad en la \"sandbox\" local." } ], "id": "CVE-2009-1870", "lastModified": "2024-11-21T01:03:35.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-31T19:30:00.390", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/56778" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35908" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52180" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "67971799-2A4E-4FD2-BF8B-5E0B82032E55", "versionEndIncluding": "10.0.12.36", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "matchCriteriaId": "A3618623-8C9F-47CA-BBF6-B0DA98CB41FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "matchCriteriaId": "9E1093EF-0A76-4757-9D8D-6808A5D95C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C", "versionEndIncluding": "10.0.15.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del navegador) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero Shockwave Flash (tambi\u00e9n conocido como .swf)." } ], "id": "CVE-2009-0519", "lastModified": "2024-11-21T01:00:08.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-26T16:17:19.877", "references": [ { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34012" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34226" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34293" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35074" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3549" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/33890" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/33890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "67971799-2A4E-4FD2-BF8B-5E0B82032E55", "versionEndIncluding": "10.0.12.36", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "matchCriteriaId": "A3618623-8C9F-47CA-BBF6-B0DA98CB41FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "matchCriteriaId": "9E1093EF-0A76-4757-9D8D-6808A5D95C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C", "versionEndIncluding": "10.0.15.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" }, { "lang": "es", "value": "Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de un fichero manipulado, en relaci\u00f3n a un \"asunto de desbordamiento de b\u00fafer\"." } ], "id": "CVE-2009-0520", "lastModified": "2024-11-21T01:00:08.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-26T16:17:19.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34012" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34226" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34293" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35074" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021750" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3549" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/33880" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/33880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F82070-F701-4F73-9E69-D694B0618B13", "versionEndIncluding": "1.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A4D16ACA-65FF-4FBD-818D-DF1606539687", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C2F45DC-32D8-4152-B090-C764B1998C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C344DE1F-E67B-4B5D-9C2F-9E118C6220B1", "versionEndIncluding": "10.0.22.87", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a \"privilege escalation vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, relacionados con una vulnerabilidad de escalada de privilegios." } ], "id": "CVE-2009-1863", "lastModified": "2024-11-21T01:03:33.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-31T19:30:00.203", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36193" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36701" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3864" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35900" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52179" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E284324-E67D-4C9A-9144-D08908BBD299", "versionEndIncluding": "9.0.115.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, hace m\u00e1s f\u00e1cil a atacantes remotos llevar a cabo ataques DNS a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2008-1655", "lastModified": "2024-11-21T00:45:01.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-09T21:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29763" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29865" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30430" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30507" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns" }, { "source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/44283" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28697" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019808" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/44283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "67971799-2A4E-4FD2-BF8B-5E0B82032E55", "versionEndIncluding": "10.0.12.36", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "matchCriteriaId": "A3618623-8C9F-47CA-BBF6-B0DA98CB41FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "matchCriteriaId": "9E1093EF-0A76-4757-9D8D-6808A5D95C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C", "versionEndIncluding": "10.0.15.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to \"a potential Clickjacking issue variant.\"" }, { "lang": "es", "value": "Una vulnerabilidad no especificada en Administrador de configuraci\u00f3n de Adobe Flash Player 9.x antes de 9.0.159.0, 10.x antes de 10.0.22.87 y, posiblemente otras versiones, permite a atacantes remotos enga\u00f1ar a un usuario para que visite una URL arbitraria a trav\u00e9s de vectores desconocidos, relacionados con \"una posible variante del problema de Clickjacking.\"" } ], "id": "CVE-2009-0114", "lastModified": "2024-11-21T00:59:05.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-26T16:17:19.797", "references": [ { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34226" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34293" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35074" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021751" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3549" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48902" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16419" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6662" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-201011-0237
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Executed any code or denial of service (DoS) There are vulnerabilities that cause a condition. This vulnerability is CVE-2010-3640 , CVE-2010-3641 , CVE-2010-3642 , CVE-2010-3643 , CVE-2010-3645 , CVE-2010-3646 , CVE-2010-3647 , CVE-2010-3648 , CVE-2010-3649 , CVE-2010-3650 and CVE-2010-3652 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker (DoS) May be in a state. Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0237", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44680" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "CNNVD", "id": "CNNVD-201011-082" }, { "db": "NVD", "id": "CVE-2010-3644" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3644" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44680" }, { "db": "CNNVD", "id": "CNNVD-201011-082" } ], "trust": 0.9 }, "cve": "CVE-2010-3644", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3644", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46249", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3644", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-082", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46249", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46249" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "CNNVD", "id": "CNNVD-201011-082" }, { "db": "NVD", "id": "CVE-2010-3644" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Executed any code or denial of service (DoS) There are vulnerabilities that cause a condition. This vulnerability is CVE-2010-3640 , CVE-2010-3641 , CVE-2010-3642 , CVE-2010-3643 , CVE-2010-3645 , CVE-2010-3646 , CVE-2010-3647 , CVE-2010-3648 , CVE-2010-3649 , CVE-2010-3650 and CVE-2010-3652 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker (DoS) May be in a state. Adobe Flash Player is prone to a remote memory corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3644" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "BID", "id": "44680" }, { "db": "VULHUB", "id": "VHN-46249" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3644", "trust": 2.9 }, { "db": "BID", "id": "44680", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002328", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-082", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46249", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46249" }, { "db": "BID", "id": "44680" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-082" }, { "db": "NVD", "id": "CVE-2010-3644" } ] }, "id": "VAR-201011-0237", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46249" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T22:26:52.587000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "CNNVD", "id": "CNNVD-201011-082" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3644" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44680" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11660" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16220" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3644" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46249" }, { "db": "BID", "id": "44680" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-082" }, { "db": "NVD", "id": "CVE-2010-3644" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46249" }, { "db": "BID", "id": "44680" }, { "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-082" }, { "db": "NVD", "id": "CVE-2010-3644" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46249" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44680" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-082" }, { "date": "2010-11-07T22:00:02.223000", "db": "NVD", "id": "CVE-2010-3644" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46249" }, { "date": "2015-03-19T09:21:00", "db": "BID", "id": "44680" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002328" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-082" }, { "date": "2024-05-17T17:11:20.827000", "db": "NVD", "id": "CVE-2010-3644" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-082" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerabilities in arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002328" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-082" } ], "trust": 0.6 } }
var-201011-0234
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0234", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44677" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "CNNVD", "id": "CNNVD-201011-085" }, { "db": "NVD", "id": "CVE-2010-3641" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3641" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44677" }, { "db": "CNNVD", "id": "CNNVD-201011-085" } ], "trust": 0.9 }, "cve": "CVE-2010-3641", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3641", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46246", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3641", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-085", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46246", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46246" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "CNNVD", "id": "CNNVD-201011-085" }, { "db": "NVD", "id": "CVE-2010-3641" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3641" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "BID", "id": "44677" }, { "db": "VULHUB", "id": "VHN-46246" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3641", "trust": 2.9 }, { "db": "BID", "id": "44677", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002325", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-085", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46246" }, { "db": "BID", "id": "44677" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-085" }, { "db": "NVD", "id": "CVE-2010-3641" } ] }, "id": "VAR-201011-0234", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46246" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T21:32:28.763000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002325" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3641" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44677" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12154" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16161" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3641" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46246" }, { "db": "BID", "id": "44677" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-085" }, { "db": "NVD", "id": "CVE-2010-3641" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46246" }, { "db": "BID", "id": "44677" }, { "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-085" }, { "db": "NVD", "id": "CVE-2010-3641" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46246" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44677" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-085" }, { "date": "2010-11-07T22:00:02.080000", "db": "NVD", "id": "CVE-2010-3641" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46246" }, { "date": "2015-03-19T08:13:00", "db": "BID", "id": "44677" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002325" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-085" }, { "date": "2024-05-17T17:08:16.633000", "db": "NVD", "id": "CVE-2010-3641" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-085" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002325" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-085" } ], "trust": 0.6 } }
var-201105-0007
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. Adobe Flash Player Contains a vulnerability in which important information is obtained.An attacker could obtain important information. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The product enables viewing of applications, content and video across screens and browsers.
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-11
http://security.gentoo.org/
Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: October 13, 2011 Bugs: #354207, #359019, #363179, #367031, #370215, #372899, #378637, #384017 ID: 201110-11
Synopsis
Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a Denial of Service.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Impact
By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
8) Certain unspecified input is not properly sanitised and can be exploited to execute arbitrary script code.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0007", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47847" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0579" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0579", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-0579", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-48524", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0579", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201105-170", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-48524", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48524" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. Adobe Flash Player Contains a vulnerability in which important information is obtained.An attacker could obtain important information. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The product enables viewing of applications, content and video across screens and browsers. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Adobe Flash Player: Multiple vulnerabilities\n Date: October 13, 2011\n Bugs: #354207, #359019, #363179, #367031, #370215, #372899,\n #378637, #384017\n ID: 201110-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Adobe Flash Player might allow remote\nattackers to execute arbitrary code or cause a Denial of Service. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nImpact\n======\n\nBy enticing a user to open a specially crafted SWF file a remote\nattacker could cause a Denial of Service or the execution of arbitrary\ncode with the privileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n8) Certain unspecified input is not properly sanitised and can be\nexploited to execute arbitrary script code. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "BID", "id": "47847" }, { "db": "VULHUB", "id": "VHN-48524" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0579", "trust": 2.9 }, { "db": "BID", "id": "47847", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001643", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-170", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16851", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48524", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48524" }, { "db": "BID", "id": "47847" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "id": "VAR-201105-0007", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48524" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T11:47:42.783000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001643" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48524" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "NVD", "id": "CVE-2011-0579" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13379" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15903" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0579" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0579" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47847" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16851" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48524" }, { "db": "BID", "id": "47847" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48524" }, { "db": "BID", "id": "47847" }, { "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0579" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48524" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47847" }, { "date": "2011-05-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.173000", "db": "NVD", "id": "CVE-2011-0579" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48524" }, { "date": "2015-03-19T08:38:00", "db": "BID", "id": "47847" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001643" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0579" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-170" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-170" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001643" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-170" } ], "trust": 0.6 } }
var-201105-0011
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" } ], "sources": [ { "db": "BID", "id": "47809" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0622" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0622", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0622", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48567", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0622", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-175", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48567", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48567" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "BID", "id": "47809" }, { "db": "VULHUB", "id": "VHN-48567" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0622", "trust": 3.0 }, { "db": "BID", "id": "47809", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001648", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-175", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48567", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48567" }, { "db": "BID", "id": "47809" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "id": "VAR-201105-0011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48567" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:58:28.477000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001648" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48567" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "NVD", "id": "CVE-2011-0622" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14113" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16241" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0622" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0622" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47809" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48567" }, { "db": "BID", "id": "47809" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48567" }, { "db": "BID", "id": "47809" }, { "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0622" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48567" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47809" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.393000", "db": "NVD", "id": "CVE-2011-0622" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48567" }, { "date": "2015-03-19T08:32:00", "db": "BID", "id": "47809" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001648" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0622" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-175" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-175" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001648" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-175" } ], "trust": 0.6 } }
var-201011-0235
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0235", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44678" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "CNNVD", "id": "CNNVD-201011-084" }, { "db": "NVD", "id": "CVE-2010-3642" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0.12.36", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3642" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44678" }, { "db": "CNNVD", "id": "CNNVD-201011-084" } ], "trust": 0.9 }, "cve": "CVE-2010-3642", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3642", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46247", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3642", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-084", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46247", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46247" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "CNNVD", "id": "CNNVD-201011-084" }, { "db": "NVD", "id": "CVE-2010-3642" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3642" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "BID", "id": "44678" }, { "db": "VULHUB", "id": "VHN-46247" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3642", "trust": 2.9 }, { "db": "BID", "id": "44678", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002326", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-084", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46247", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46247" }, { "db": "BID", "id": "44678" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-084" }, { "db": "NVD", "id": "CVE-2010-3642" } ] }, "id": "VAR-201011-0235", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46247" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T20:22:59.549000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "CNNVD", "id": "CNNVD-201011-084" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3642" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44678" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12065" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16254" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3642" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46247" }, { "db": "BID", "id": "44678" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-084" }, { "db": "NVD", "id": "CVE-2010-3642" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46247" }, { "db": "BID", "id": "44678" }, { "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-084" }, { "db": "NVD", "id": "CVE-2010-3642" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46247" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44678" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-084" }, { "date": "2010-11-07T22:00:02.127000", "db": "NVD", "id": "CVE-2010-3642" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46247" }, { "date": "2015-03-19T09:34:00", "db": "BID", "id": "44678" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002326" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-084" }, { "date": "2024-05-17T17:10:48.883000", "db": "NVD", "id": "CVE-2010-3642" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-084" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002326" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-084" } ], "trust": 0.6 } }
var-201105-0012
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. This vulnerability CVE-2011-0624 , CVE-2011-0625 ,and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0012", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs 4professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47811" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0623" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0623", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0623", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48568", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0623", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-176", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48568", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48568" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. This vulnerability CVE-2011-0624 , CVE-2011-0625 ,and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "BID", "id": "47811" }, { "db": "VULHUB", "id": "VHN-48568" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0623", "trust": 3.0 }, { "db": "BID", "id": "47811", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001649", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-176", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16830", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48568", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48568" }, { "db": "BID", "id": "47811" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "id": "VAR-201105-0012", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48568" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:09:03.166000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer ", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "title": "install_flashplayer11x32ax_gtba_chra_dy_aih", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44945" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48568" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "NVD", "id": "CVE-2011-0623" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13901" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16134" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0623" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0623" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47811" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16830" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48568" }, { "db": "BID", "id": "47811" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48568" }, { "db": "BID", "id": "47811" }, { "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0623" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48568" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47811" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.440000", "db": "NVD", "id": "CVE-2011-0623" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48568" }, { "date": "2015-03-19T08:13:00", "db": "BID", "id": "47811" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001649" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0623" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-176" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-176" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001649" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-176" } ], "trust": 0.6 } }
var-201105-0016
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0625" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0625", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0625", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48570", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0625", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-178", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48570", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "BID", "id": "47813" }, { "db": "VULHUB", "id": "VHN-48570" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0625", "trust": 3.0 }, { "db": "BID", "id": "47813", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001651", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-178", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16830", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48570", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "id": "VAR-201105-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48570" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T11:38:41.389000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001651" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14077" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16076" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0625" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0625" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47813" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16830" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48570" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47813" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.517000", "db": "NVD", "id": "CVE-2011-0625" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48570" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "47813" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0625" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-178" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001651" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-178" } ], "trust": 0.6 } }
var-201011-0244
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44687" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "CNNVD", "id": "CNNVD-201011-075" }, { "db": "NVD", "id": "CVE-2010-3652" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3652" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44687" }, { "db": "CNNVD", "id": "CNNVD-201011-075" } ], "trust": 0.9 }, "cve": "CVE-2010-3652", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3652", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46257", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3652", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-075", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46257", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46257" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "CNNVD", "id": "CNNVD-201011-075" }, { "db": "NVD", "id": "CVE-2010-3652" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3652" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "BID", "id": "44687" }, { "db": "VULHUB", "id": "VHN-46257" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3652", "trust": 2.9 }, { "db": "BID", "id": "44687", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002336", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-075", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46257" }, { "db": "BID", "id": "44687" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-075" }, { "db": "NVD", "id": "CVE-2010-3652" } ] }, "id": "VAR-201011-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46257" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T21:39:00.410000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "CNNVD", "id": "CNNVD-201011-075" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3652" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44687" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11965" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15284" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3652" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46257" }, { "db": "BID", "id": "44687" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-075" }, { "db": "NVD", "id": "CVE-2010-3652" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46257" }, { "db": "BID", "id": "44687" }, { "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-075" }, { "db": "NVD", "id": "CVE-2010-3652" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46257" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44687" }, { "date": "2010-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-075" }, { "date": "2010-11-07T22:00:02.503000", "db": "NVD", "id": "CVE-2010-3652" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46257" }, { "date": "2015-03-19T08:33:00", "db": "BID", "id": "44687" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002336" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-075" }, { "date": "2024-05-17T16:54:47.760000", "db": "NVD", "id": "CVE-2010-3652" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-075" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002336" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-075" } ], "trust": 0.6 } }
var-201011-0231
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. NOTE: This issue only affects Apple Safari running on Mac OS X. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0231", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44693" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.277.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3638" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Erik Osterholm of Texas A\u0026amp;M University", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-088" } ], "trust": 0.6 }, "cve": "CVE-2010-3638", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2010-3638", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-46243", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3638", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201011-088", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-46243", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46243" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nNOTE: This issue only affects Apple Safari running on Mac OS X. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to execute arbitrary code. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "BID", "id": "44693" }, { "db": "VULHUB", "id": "VHN-46243" }, { "db": "PACKETSTORM", "id": "95570" }, { "db": "PACKETSTORM", "id": "95253" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3638", "trust": 2.8 }, { "db": "BID", "id": "44693", "trust": 2.2 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 1.9 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002322", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-088", "trust": 0.7 }, { "db": "SECUNIA", "id": "42127", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46243", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95570", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46243" }, { "db": "BID", "id": "44693" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "PACKETSTORM", "id": "95570" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "id": "VAR-201011-0231", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46243" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:14:46.879000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002322" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "NVD", "id": "CVE-2010-3638" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/44693" }, { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11979" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16140" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3638" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3638" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/42127" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42127/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42127/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42127" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46243" }, { "db": "BID", "id": "44693" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "PACKETSTORM", "id": "95570" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46243" }, { "db": "BID", "id": "44693" }, { "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "db": "PACKETSTORM", "id": "95570" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "NVD", "id": "CVE-2010-3638" }, { "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46243" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44693" }, { "date": "2010-11-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "date": "2010-11-08T10:43:58", "db": "PACKETSTORM", "id": "95570" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-07T22:00:01.957000", "db": "NVD", "id": "CVE-2010-3638" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-19T00:00:00", "db": "VULHUB", "id": "VHN-46243" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "44693" }, { "date": "2010-11-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002322" }, { "date": "2017-09-19T01:31:29.627000", "db": "NVD", "id": "CVE-2010-3638" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-088" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-088" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mac OS X Run on Adobe Flash Player Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002322" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-088" } ], "trust": 0.6 } }
var-201011-0238
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0238", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44681" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "CNNVD", "id": "CNNVD-201011-081" }, { "db": "NVD", "id": "CVE-2010-3645" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3645" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44681" }, { "db": "CNNVD", "id": "CNNVD-201011-081" } ], "trust": 0.9 }, "cve": "CVE-2010-3645", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3645", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46250", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3645", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-081", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46250", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46250" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "CNNVD", "id": "CNNVD-201011-081" }, { "db": "NVD", "id": "CVE-2010-3645" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3645" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "BID", "id": "44681" }, { "db": "VULHUB", "id": "VHN-46250" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3645", "trust": 2.9 }, { "db": "BID", "id": "44681", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002329", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-081", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46250", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46250" }, { "db": "BID", "id": "44681" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-081" }, { "db": "NVD", "id": "CVE-2010-3645" } ] }, "id": "VAR-201011-0238", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46250" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T22:59:25.935000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "CNNVD", "id": "CNNVD-201011-081" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3645" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44681" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11905" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15961" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3645" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46250" }, { "db": "BID", "id": "44681" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-081" }, { "db": "NVD", "id": "CVE-2010-3645" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46250" }, { "db": "BID", "id": "44681" }, { "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-081" }, { "db": "NVD", "id": "CVE-2010-3645" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46250" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44681" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-081" }, { "date": "2010-11-07T22:00:02.253000", "db": "NVD", "id": "CVE-2010-3645" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46250" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "44681" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002329" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-081" }, { "date": "2024-05-17T17:11:30.827000", "db": "NVD", "id": "CVE-2010-3645" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-081" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002329" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-081" } ], "trust": 0.6 } }
var-201011-0239
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0239", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44682" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "CNNVD", "id": "CNNVD-201011-080" }, { "db": "NVD", "id": "CVE-2010-3646" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3646" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44682" }, { "db": "CNNVD", "id": "CNNVD-201011-080" } ], "trust": 0.9 }, "cve": "CVE-2010-3646", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3646", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46251", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3646", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-080", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46251", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46251" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "CNNVD", "id": "CNNVD-201011-080" }, { "db": "NVD", "id": "CVE-2010-3646" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3646" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "BID", "id": "44682" }, { "db": "VULHUB", "id": "VHN-46251" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3646", "trust": 2.9 }, { "db": "BID", "id": "44682", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002330", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-080", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46251", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46251" }, { "db": "BID", "id": "44682" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-080" }, { "db": "NVD", "id": "CVE-2010-3646" } ] }, "id": "VAR-201011-0239", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46251" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T22:05:36.666000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002330" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3646" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44682" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11922" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16183" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3646" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46251" }, { "db": "BID", "id": "44682" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-080" }, { "db": "NVD", "id": "CVE-2010-3646" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46251" }, { "db": "BID", "id": "44682" }, { "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-080" }, { "db": "NVD", "id": "CVE-2010-3646" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46251" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44682" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-080" }, { "date": "2010-11-07T22:00:02.287000", "db": "NVD", "id": "CVE-2010-3646" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46251" }, { "date": "2015-03-19T08:30:00", "db": "BID", "id": "44682" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002330" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-080" }, { "date": "2024-05-17T17:12:39.123000", "db": "NVD", "id": "CVE-2010-3646" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-080" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002330" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-080" } ], "trust": 0.6 } }
var-201105-0010
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0010", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47808" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0621" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0621", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0621", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48566", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0621", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-174", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48566", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48566" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "BID", "id": "47808" }, { "db": "VULHUB", "id": "VHN-48566" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0621", "trust": 3.0 }, { "db": "BID", "id": "47808", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001647", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-174", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48566", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48566" }, { "db": "BID", "id": "47808" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "id": "VAR-201105-0010", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48566" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T11:07:43.655000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001647" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48566" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "NVD", "id": "CVE-2011-0621" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14160" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15739" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0621" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0621" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47808" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48566" }, { "db": "BID", "id": "47808" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48566" }, { "db": "BID", "id": "47808" }, { "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0621" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48566" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47808" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.360000", "db": "NVD", "id": "CVE-2011-0621" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48566" }, { "date": "2013-06-20T09:40:00", "db": "BID", "id": "47808" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001647" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0621" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-174" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-174" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001647" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-174" } ], "trust": 0.6 } }
var-200710-0644
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Very few technical details are currently available. We will update this BID as more information emerges.
I.
The update addresses vulnerabilities in other vendors' products that ship with Apple OS X or OS X Server. These products include: * Adobe Flash * Adobe Shockwave * GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, surreptitious video conference initiation, and denial of service.
III. This and other updates are available via Software Update or via Apple Downloads.
IV. Please send email to cert@cert.org with "TA07-352A Feedback VU#905292" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ 7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0 h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q== =Y1jd -----END PGP SIGNATURE----- .
3) An error exists when pinning a hostname to an IP address. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.
5) Input passed to unspecified parameters when handling the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.
6) Input passed to unspecified parameters when calling the "navigateToURL" function is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.
7) An unspecified error can be exploited to modify HTTP headers and conduct HTTP request splitting attacks.
8) An error within the implementation of the Socket or XMLSocket ActionScript classes can be exploited to determine if a port on a remote host is opened or closed.
9) An error within the setting of memory permissions in Adobe Flash Player for Linux can be exploited by malicious, local users to gain escalated privileges.
For more information see vulnerability #3 in: SA27277
The vulnerabilities are reported in versions prior to 9.0.115.0. 3) The vendor credits Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University. and JPCERT/CC. 6) The vendor credits Collin Jackson and Adam Barth of Stanford University. 9) The vendor credits Jesse Michael and Thomas Biege of SUSE.
-- SPARC Platform --
Solaris 10: Apply patch 125332-03 or later.
OpenSolaris: Fixed in build snv_89 or later.
-- x86 Platform --
Solaris 10: Apply patch 125333-03 or later.
OpenSolaris: Fixed in build snv_89 or later.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA28136
VERIFY ADVISORY: http://secunia.com/advisories/28136/
CRITICAL: Highly critical
IMPACT: Hijacking, Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) A format string error in the URL handler of Address Book can be exploited to execute arbitrary code when a user views a specially crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be exploited via directory traversal attacks to automatically download files to arbitrary folders when a user is enticed to visit a specially crafted web page.
3) An unspecified error exists in ColorSync when processing images with an embedded ColorSync profile, which can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the "CFURLWriteDataAndPropertiesToResource" API, which can lead to files being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can be exploited to cause a buffer overflow and allows an admin user to execute arbitrary code with system privileges by passing a specially crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to compromise a vulnerable system.
For more information: SA27233
7) An integer underflow error in the CUPS backend in the handling of SNMP responses can be exploited to cause a stack-based buffer overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a heap-based buffer overflow when a user opens a directory containing a specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious people to compromise a user's system.
For more information: SA26573
10) An unspecified error in iChat can be exploited by malicious people on the local network to initiate a video connection without the user's approval.
11) An unspecified error exists within IO Storage Family when handling GUID partition maps within a disk image. This can be exploited to execute arbitrary code when a user is enticed to open a specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe content. This can be exploited to disclose sensitive information or conduct cross-site scripting attacks by enticing a user to open a specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can be exploited to compromise a user's system.
For more information: SA27785
14) An error in Mail can cause the application to default to SMTP plaintext authentication if the server supports only MD5 Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people to compromise a vulnerable system.
For more information: SA27546
16) A security issue in python can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
For more information: SA26837
17) Plug-ins in Quick Look are not restricted from making network requests. This may lead to the disclosure of sensitive information when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people to conduct spoofing attacks.
For more information: SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be exploited by malicious people to disclose sensitive information or to conduct session fixation attacks.
For more information: SA25699 SA27781
21) An error in Safari allows a page to navigate the subframes of any other page. This can be exploited to conduct cross-site scripting attacks and to disclose sensitive information when a user visits a specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious people to compromise a vulnerable system.
For more information: SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by malicious people to compromise a user's system.
For more information: SA19218
25) A boundary error in the processing of command line arguments to "mount_smbfs" and "smbutil" can be exploited to cause a stack-based buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is received by using HTTP without any authentication and allows execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling of output files in SpinTracer. This may allow a malicious, local user to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight Importer, which can be exploited to cause a memory corruption when a user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious people to cause a DoS or to compromise a user's system.
For more information: SA24318 SA26135
30) Some vulnerabilities exist the Perl Compatible Regular Expressions (PCRE) library used by XQuery, which can potentially be exploited to compromise a vulnerable system.
Security Update 2007-009 (10.4.11 Universal): http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC): http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1): http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Sean Harding. 3) The vendor credits Tom Ferris, Adobe Secure Software Engineering Team (ASSET). 5) The vendor credits Dave Camp, Critical Path Software. 7) The vendor credits Wei Wang, McAfee Avert Labs. 12) The vendor credits Michal Zalewski, Google Inc. 13) The vendor credits Xeno Kovah, originally reported in Mac OS X 10.5 by heise Security. 15) The vendor credits Tavis Ormandy and Will Drewry, Google Security Team. 18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc. 26) Moritz Jodeit. 27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES: SA19218: http://secunia.com/advisories/19218/
SA24318: http://secunia.com/advisories/24318/
SA25699: http://secunia.com/advisories/25699/
SA26135: http://secunia.com/advisories/26135/
SA26573: http://secunia.com/advisories/26573/
SA26837: http://secunia.com/advisories/26837/
SA26985: http://secunia.com/advisories/26985/
SA27233: http://secunia.com/advisories/27233/
SA27450: http://secunia.com/advisories/27450/
SA27543: http://secunia.com/advisories/27543/
SA27546: http://secunia.com/advisories/27546/
SA27781: http://secunia.com/advisories/27781/
SA27785: http://secunia.com/advisories/27785/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0644", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.01" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.00" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.62" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.04" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.50" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.54" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.60" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "4.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.20" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "4.01" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.06" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.11" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.61" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "5.12" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.10" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "5.10" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.60" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.12" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.52" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.21" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.10" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.51" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.23" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.01" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.12" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.0" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.05" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "1.00" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.0" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.1" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.54" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.52" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.0" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.01" }, { "model": "browser", "scope": "lte", "trust": 1.0, "vendor": "opera", "version": "9.23" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.51" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "2.10" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.21" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "5.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "4.00" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "5.11" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.03" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.10" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "2.00" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.11" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.21" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.02" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.50" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "6.03" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.01" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "5.0" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.20" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.51" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "2.12" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.53" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "3.50" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "8.53" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.22" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "9.22" }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": "7.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "adobe", "version": null }, { "model": "opera", "scope": "lt", "trust": 0.8, "vendor": "opera asa", "version": "version" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.1" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "7.0.70.0 and earlier" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.0.48.0 and earlier" }, { "model": "opera", "scope": "eq", "trust": 0.8, "vendor": "opera asa", "version": "for mac os version 9.24" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "8.0.35.0 and earlier" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": null, "trust": 0.6, "vendor": "apple", "version": null }, { "model": "solaris 10.0 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10.0" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "networks self-service peri workstation", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks self-service peri application", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks self-service mps", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "10000" }, { "model": "networks self-service media processing server", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks self-service ccss7", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "-0" }, { "model": "networks self-service", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "flex", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash cs3 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#935737" }, { "db": "BID", "id": "26274" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.47.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-5476" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Opera Software is credited with the discovery of this issue.", "sources": [ { "db": "BID", "id": "26274" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ], "trust": 0.9 }, "cve": "CVE-2007-5476", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2007-5476", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-28838", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-5476", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#935737", "trust": 0.8, "value": "23.29" }, { "author": "CNNVD", "id": "CNNVD-200710-314", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-28838", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#935737" }, { "db": "VULHUB", "id": "VHN-28838" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown \"Highly Severe\" impact and unknown attack vectors. Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. \nVery few technical details are currently available. We will update this BID as more information emerges. \n\nI. \n\n The update addresses vulnerabilities in other vendors\u0027 products that\n ship with Apple OS X or OS X Server. These products include:\n * Adobe Flash\n * Adobe Shockwave\n * GNU Tar\n\nII. Impact\n\n The impacts of these vulnerabilities vary. Potential consequences\n include arbitrary code execution, sensitive information disclosure,\n surreptitious video conference initiation, and denial of service. \n\nIII. This and other updates are\n available via Software Update or via Apple Downloads. \n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-352A Feedback VU#905292\" in the\n subject. \n _________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n December 18, 2007: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ\n7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz\nWx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG\nIpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs\nVi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0\nh9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==\n=Y1jd\n-----END PGP SIGNATURE-----\n. \n\n3) An error exists when pinning a hostname to an IP address. \nThis can be exploited to bypass certain security restrictions on web\nservers hosting cross-domain policy files. \n\n5) Input passed to unspecified parameters when handling the\n\"asfunction:\" protocol is not properly sanitised before being\nreturned to the user. This can be exploited to inject arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n6) Input passed to unspecified parameters when calling the\n\"navigateToURL\" function is not properly sanitised before being\nreturned to the user. This can be exploited to inject arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n7) An unspecified error can be exploited to modify HTTP headers and\nconduct HTTP request splitting attacks. \n\n8) An error within the implementation of the Socket or XMLSocket\nActionScript classes can be exploited to determine if a port on a\nremote host is opened or closed. \n\n9) An error within the setting of memory permissions in Adobe Flash\nPlayer for Linux can be exploited by malicious, local users to gain\nescalated privileges. \n\nFor more information see vulnerability #3 in:\nSA27277 \n\nThe vulnerabilities are reported in versions prior to 9.0.115.0. \n3) The vendor credits Dan Boneh, Adam Barth, Andrew Bortz, Collin\nJackson, and Weidong Shao of Stanford University. and\nJPCERT/CC. \n6) The vendor credits Collin Jackson and Adam Barth of Stanford\nUniversity. \n9) The vendor credits Jesse Michael and Thomas Biege of SUSE. \n\n-- SPARC Platform --\n\nSolaris 10:\nApply patch 125332-03 or later. \n\nOpenSolaris:\nFixed in build snv_89 or later. \n\n-- x86 Platform --\n\nSolaris 10:\nApply patch 125333-03 or later. \n\nOpenSolaris:\nFixed in build snv_89 or later. \n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA28136\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28136/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nHijacking, Security Bypass, Cross Site Scripting, Exposure of system\ninformation, Exposure of sensitive information, Privilege escalation,\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) A format string error in the URL handler of Address Book can be\nexploited to execute arbitrary code when a user views a specially\ncrafted web page. \n\n2) An error in the handling of downloaded files in CFNetwork can be\nexploited via directory traversal attacks to automatically download\nfiles to arbitrary folders when a user is enticed to visit a\nspecially crafted web page. \n\n3) An unspecified error exists in ColorSync when processing images\nwith an embedded ColorSync profile, which can be exploited to cause a\nmemory corruption. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n4) A race condition exists in the\n\"CFURLWriteDataAndPropertiesToResource\" API, which can lead to files\nbeing created with insecure permissions. \n\n5) A boundary error exists in the printer driver for CUPS. This can\nbe exploited to cause a buffer overflow and allows an admin user to\nexecute arbitrary code with system privileges by passing a specially\ncrafted URI to the CUPS service. \n\n6) A boundary error in CUPS can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA27233\n\n7) An integer underflow error in the CUPS backend in the handling of\nSNMP responses can be exploited to cause a stack-based buffer\noverflow by sending a specially crafted SNMP response. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires that SNMP is enabled. \n\n8) A boundary error in Desktop Services can be exploited to cause a\nheap-based buffer overflow when a user opens a directory containing a\nspecially crafted .DS_Store file. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n9) An input validation error in tar can be exploited by malicious\npeople to compromise a user\u0027s system. \n\nFor more information:\nSA26573\n\n10) An unspecified error in iChat can be exploited by malicious\npeople on the local network to initiate a video connection without\nthe user\u0027s approval. \n\n11) An unspecified error exists within IO Storage Family when\nhandling GUID partition maps within a disk image. This can be\nexploited to execute arbitrary code when a user is enticed to open a\nspecially crafted disk image. \n\n12) Launch Services does not handle HTML files as potentially unsafe\ncontent. This can be exploited to disclose sensitive information or\nconduct cross-site scripting attacks by enticing a user to open a\nspecially crafted HTML file. \n\n13) A vulnerability in Mail in the handling of unsafe file types can\nbe exploited to compromise a user\u0027s system. \n\nFor more information:\nSA27785\n\n14) An error in Mail can cause the application to default to SMTP\nplaintext authentication if the server supports only MD5\nChallenge-Response authentication and plaintext authentication. \n\n15) Some vulnerabilities in perl can be exploited by malicious people\nto compromise a vulnerable system. \n\nFor more information:\nSA27546\n\n16) A security issue in python can be exploited by malicious people\nto cause a DoS (Denial of Service) and potentially compromise a\nvulnerable system. \n\nFor more information:\nSA26837\n\n17) Plug-ins in Quick Look are not restricted from making network\nrequests. This may lead to the disclosure of sensitive information\nwhen previewing an HTML file. \n\n18) URLs contained in movie files may be accessed when creating an\nicon for a movie file or previewing a movie file using QuickLook. \n\n19) Some security issues in ruby can be exploited by malicious people\nto conduct spoofing attacks. \n\nFor more information:\nSA26985\n\n20) Some vulnerabilities and a security issue in Ruby on Rails can be\nexploited by malicious people to disclose sensitive information or to\nconduct session fixation attacks. \n\nFor more information:\nSA25699\nSA27781\n\n21) An error in Safari allows a page to navigate the subframes of any\nother page. This can be exploited to conduct cross-site scripting\nattacks and to disclose sensitive information when a user visits a\nspecially crafted web page. \n\n22) An unspecified error in Safari in the handling of RSS feeds can\nbe exploited to cause a memory corruption and may allow execution of\narbitrary code when a user accesses a specially crafted URL. \n\n23) Some boundary errors in Samba can be exploited by malicious\npeople to compromise a vulnerable system. \n\nFor more information:\nSA27450\n\n24) Some boundary errors in the Shockwave Plug-in can be exploited by\nmalicious people to compromise a user\u0027s system. \n\nFor more information:\nSA19218\n\n25) A boundary error in the processing of command line arguments to\n\"mount_smbfs\" and \"smbutil\" can be exploited to cause a stack-based\nbuffer overflow and execute arbitrary code with system privileges. \n\n26) The distribution definition file used in Software Update is\nreceived by using HTTP without any authentication and allows\nexecution of arbitrary commands. \n\nSuccessful exploitation requires a MitM (Man-in-the-Middle) attack. \n\n27) An error due to an insecure file operation exists in the handling\nof output files in SpinTracer. This may allow a malicious, local user\nto execute arbitrary code with system privileges. \n\n28) An unspecified error exists in the Microsoft Office Spotlight\nImporter, which can be exploited to cause a memory corruption when a\nuser downloads a specially crafted .xls file. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n29) Some vulnerabilities in tcpdump can be exploited by malicious\npeople to cause a DoS or to compromise a user\u0027s system. \n\nFor more information:\nSA24318\nSA26135\n\n30) Some vulnerabilities exist the Perl Compatible Regular\nExpressions (PCRE) library used by XQuery, which can potentially be\nexploited to compromise a vulnerable system. \n\nSecurity Update 2007-009 (10.4.11 Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700910411universal.html\n\nSecurity Update 2007-009 (10.4.11 PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700910411ppc.html\n\nSecurity Update 2007-009 (10.5.1):\nhttp://www.apple.com/support/downloads/securityupdate20070091051.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Sean Harding. \n3) The vendor credits Tom Ferris, Adobe Secure Software Engineering\nTeam (ASSET). \n5) The vendor credits Dave Camp, Critical Path Software. \n7) The vendor credits Wei Wang, McAfee Avert Labs. \n12) The vendor credits Michal Zalewski, Google Inc. \n13) The vendor credits Xeno Kovah, originally reported in Mac OS X\n10.5 by heise Security. \n15) The vendor credits Tavis Ormandy and Will Drewry, Google Security\nTeam. \n18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc. \n26) Moritz Jodeit. \n27) The vendor credits Kevin Finisterre, DigitalMunition\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307179\n\nOTHER REFERENCES:\nSA19218:\nhttp://secunia.com/advisories/19218/\n\nSA24318:\nhttp://secunia.com/advisories/24318/\n\nSA25699:\nhttp://secunia.com/advisories/25699/\n\nSA26135:\nhttp://secunia.com/advisories/26135/\n\nSA26573:\nhttp://secunia.com/advisories/26573/\n\nSA26837:\nhttp://secunia.com/advisories/26837/\n\nSA26985:\nhttp://secunia.com/advisories/26985/\n\nSA27233:\nhttp://secunia.com/advisories/27233/\n\nSA27450:\nhttp://secunia.com/advisories/27450/\n\nSA27543:\nhttp://secunia.com/advisories/27543/\n\nSA27546:\nhttp://secunia.com/advisories/27546/\n\nSA27781:\nhttp://secunia.com/advisories/27781/\n\nSA27785:\nhttp://secunia.com/advisories/27785/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n", "sources": [ { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CERT/CC", "id": "VU#935737" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "BID", "id": "26274" }, { "db": "VULHUB", "id": "VHN-28838" }, { "db": "PACKETSTORM", "id": "61950" }, { "db": "PACKETSTORM", "id": "61957" }, { "db": "PACKETSTORM", "id": "66949" }, { "db": "PACKETSTORM", "id": "61915" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SECUNIA", "id": "28161", "trust": 3.4 }, { "db": "BID", "id": "26274", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2007-5476", "trust": 2.8 }, { "db": "USCERT", "id": "TA07-352A", "trust": 2.6 }, { "db": "SECUNIA", "id": "28136", "trust": 2.6 }, { "db": "USCERT", "id": "TA07-355A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1018830", "trust": 2.5 }, { "db": "SECUNIA", "id": "30507", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2007-4258", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4238", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1724", "trust": 1.7 }, { "db": "XF", "id": "37250", "trust": 1.4 }, { "db": "CERT/CC", "id": "VU#935737", "trust": 0.8 }, { "db": "USCERT", "id": "SA07-352A", "trust": 0.8 }, { "db": "USCERT", "id": "SA07-355A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-001049", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA07-355A", "trust": 0.6 }, { "db": "CERT/CC", "id": "TA07-352A", "trust": 0.6 }, { "db": "SUNALERT", "id": "238305", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2007-12-17", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200710-314", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-28838", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61950", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61957", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "66949", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61915", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#935737" }, { "db": "VULHUB", "id": "VHN-28838" }, { "db": "BID", "id": "26274" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "PACKETSTORM", "id": "61950" }, { "db": "PACKETSTORM", "id": "61957" }, { "db": "PACKETSTORM", "id": "66949" }, { "db": "PACKETSTORM", "id": "61915" }, { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "id": "VAR-200710-0644", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-28838" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:50:08.270000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB07-20", "trust": 1.6, "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html" }, { "title": "APSA07-05", "trust": 0.8, "url": "http://www.adobe.com/support/security/advisories/apsa07-05.html" }, { "title": "APSA07-05", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/advisories/apsa07-05.html" }, { "title": "Security Update 2007-009", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307179-en" }, { "title": "Security Update 2007-009", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307179-ja" }, { "title": "868", "trust": 0.8, "url": "http://www.opera.com/support/search/view/868/" }, { "title": "TA07-355A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta07-355a.html" }, { "title": "TA07-352A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta07-352a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001049" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-5476" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/26274" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta07-352a.html" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta07-355a.html" }, { "trust": 2.5, "url": "http://secunia.com/advisories/28136" }, { "trust": 2.5, "url": "http://secunia.com/advisories/28161" }, { "trust": 2.0, "url": "http://www.adobe.com/support/security/advisories/apsa07-05.html" }, { "trust": 2.0, "url": "http://www.opera.com/support/search/view/868/" }, { "trust": 1.8, "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1018830" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30507" }, { "trust": 1.7, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/4238" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/4258" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/37250" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/4258" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37250" }, { "trust": 1.0, "url": "http://secunia.com/advisories/28161/" }, { "trust": 0.8, "url": "http://www.adobe.com/devnet/flash/articles/fplayer_security.html" }, { "trust": 0.8, "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html" }, { "trust": 0.8, "url": "http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn%2345675516/index.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5476" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta07-352a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta07-355a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta07-352a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta07-355a/index.html" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5476" }, { "trust": 0.8, "url": "http://securitytracker.com/id?1018830" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa07-352a.html" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa07-355a.html" }, { "trust": 0.8, "url": "http://www.cyberpolice.go.jp/important/2007/20071219_160713.html" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1724/references" }, { "trust": 0.4, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238305-1" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://www.opera.com/download/index.dml?custom=yes" }, { "trust": 0.3, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=745016" }, { "trust": 0.3, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.3, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.3, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.2, "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv" }, { "trust": 0.2, "url": "http://secunia.com/advisories/27543/" }, { "trust": 0.1, "url": "http://docs.info.apple.com/article.html?artnum=307179\u003e" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2007-009\u003e" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/\u003e" }, { "trust": 0.1, "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta07-352a.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/product/11901/" }, { "trust": 0.1, "url": "http://secunia.com/product/6153/" }, { "trust": 0.1, "url": "http://www.stage.adobe.com/go/getflash" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27277/" }, { "trust": 0.1, "url": "http://secunia.com/product/14760/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/flash/downloads.html" }, { "trust": 0.1, "url": "http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9" }, { "trust": 0.1, "url": "http://www.stage.adobe.com/licensing/distribution" }, { "trust": 0.1, "url": "http://secunia.com/product/2634/" }, { "trust": 0.1, "url": "http://secunia.com/product/14231/" }, { "trust": 0.1, "url": "http://secunia.com/product/7024/" }, { "trust": 0.1, "url": "http://secunia.com/product/4813/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/28083/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/30507/" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/securityupdate200700910411universal.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/28136/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26837/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/24318/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27785/" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/securityupdate20070091051.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26135/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26985/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27450/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27546/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27233/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27781/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/25699/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26573/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/19218/" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/securityupdate200700910411ppc.html" }, { "trust": 0.1, "url": "http://secunia.com/product/96/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#935737" }, { "db": "VULHUB", "id": "VHN-28838" }, { "db": "BID", "id": "26274" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "PACKETSTORM", "id": "61950" }, { "db": "PACKETSTORM", "id": "61957" }, { "db": "PACKETSTORM", "id": "66949" }, { "db": "PACKETSTORM", "id": "61915" }, { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#935737" }, { "db": "VULHUB", "id": "VHN-28838" }, { "db": "BID", "id": "26274" }, { "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "db": "PACKETSTORM", "id": "61950" }, { "db": "PACKETSTORM", "id": "61957" }, { "db": "PACKETSTORM", "id": "66949" }, { "db": "PACKETSTORM", "id": "61915" }, { "db": "NVD", "id": "CVE-2007-5476" }, { "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-03-25T00:00:00", "db": "CERT/CC", "id": "VU#935737" }, { "date": "2007-10-18T00:00:00", "db": "VULHUB", "id": "VHN-28838" }, { "date": "2007-10-31T00:00:00", "db": "BID", "id": "26274" }, { "date": "2008-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "date": "2007-12-20T00:43:04", "db": "PACKETSTORM", "id": "61950" }, { "date": "2007-12-20T01:37:58", "db": "PACKETSTORM", "id": "61957" }, { "date": "2008-06-04T00:32:02", "db": "PACKETSTORM", "id": "66949" }, { "date": "2007-12-19T00:48:29", "db": "PACKETSTORM", "id": "61915" }, { "date": "2007-10-18T00:17:00", "db": "NVD", "id": "CVE-2007-5476" }, { "date": "2007-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-03-25T00:00:00", "db": "CERT/CC", "id": "VU#935737" }, { "date": "2017-07-29T00:00:00", "db": "VULHUB", "id": "VHN-28838" }, { "date": "2008-07-15T23:09:00", "db": "BID", "id": "26274" }, { "date": "2008-01-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001049" }, { "date": "2017-07-29T01:33:41.867000", "db": "NVD", "id": "CVE-2007-5476" }, { "date": "2007-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200710-314" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200710-314" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player may load arbitrary, malformed cross-domain policy files", "sources": [ { "db": "CERT/CC", "id": "VU#935737" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200710-314" } ], "trust": 0.6 } }
var-201011-0240
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0240", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44683" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "CNNVD", "id": "CNNVD-201011-079" }, { "db": "NVD", "id": "CVE-2010-3647" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3647" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44683" }, { "db": "CNNVD", "id": "CNNVD-201011-079" } ], "trust": 0.9 }, "cve": "CVE-2010-3647", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3647", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46252", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3647", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-079", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46252", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46252" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "CNNVD", "id": "CNNVD-201011-079" }, { "db": "NVD", "id": "CVE-2010-3647" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3647" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "BID", "id": "44683" }, { "db": "VULHUB", "id": "VHN-46252" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3647", "trust": 2.9 }, { "db": "BID", "id": "44683", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002331", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-079", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46252", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46252" }, { "db": "BID", "id": "44683" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-079" }, { "db": "NVD", "id": "CVE-2010-3647" } ] }, "id": "VAR-201011-0240", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46252" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T22:05:42.446000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "CNNVD", "id": "CNNVD-201011-079" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3647" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44683" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12095" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16160" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3647" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46252" }, { "db": "BID", "id": "44683" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-079" }, { "db": "NVD", "id": "CVE-2010-3647" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46252" }, { "db": "BID", "id": "44683" }, { "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-079" }, { "db": "NVD", "id": "CVE-2010-3647" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46252" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44683" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-079" }, { "date": "2010-11-07T22:00:02.330000", "db": "NVD", "id": "CVE-2010-3647" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46252" }, { "date": "2013-06-20T09:40:00", "db": "BID", "id": "44683" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002331" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-079" }, { "date": "2024-05-17T17:17:35.823000", "db": "NVD", "id": "CVE-2010-3647" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-079" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002331" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-079" } ], "trust": 0.6 } }
var-201105-0043
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0043", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47806" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0619" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0619", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48564", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0619", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-172", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48564", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48564" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "BID", "id": "47806" }, { "db": "VULHUB", "id": "VHN-48564" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0619", "trust": 3.0 }, { "db": "BID", "id": "47806", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001645", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-172", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48564", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48564" }, { "db": "BID", "id": "47806" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "id": "VAR-201105-0043", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48564" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:14:45.132000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001645" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48564" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "NVD", "id": "CVE-2011-0619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14088" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16141" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0619" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0619" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47806" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48564" }, { "db": "BID", "id": "47806" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48564" }, { "db": "BID", "id": "47806" }, { "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0619" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48564" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47806" }, { "date": "2011-05-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.253000", "db": "NVD", "id": "CVE-2011-0619" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48564" }, { "date": "2013-06-20T09:38:00", "db": "BID", "id": "47806" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001645" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0619" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-172" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-172" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001645" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-172" } ], "trust": 0.6 } }
var-201011-0232
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Adobe Flash Player is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to stop responding or crash. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Impact
A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0232", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44692" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "CNNVD", "id": "CNNVD-201011-087" }, { "db": "NVD", "id": "CVE-2010-3639" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3639" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Scott Bergin of Smash The Stack and Bergin Pen. Testing", "sources": [ { "db": "BID", "id": "44692" }, { "db": "CNNVD", "id": "CNNVD-201011-087" } ], "trust": 0.9 }, "cve": "CVE-2010-3639", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3639", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46244", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3639", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-087", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46244", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46244" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "CNNVD", "id": "CNNVD-201011-087" }, { "db": "NVD", "id": "CVE-2010-3639" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Adobe Flash Player is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected application to stop responding or crash. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nImpact\n======\n\nA remote attacker could entice a user to open a specially crafted SWF\nfile, possibly resulting in the execution of arbitrary code with the\nprivileges of the user running the application, or a Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3639" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "BID", "id": "44692" }, { "db": "VULHUB", "id": "VHN-46244" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-46244", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46244" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3639", "trust": 2.9 }, { "db": "BID", "id": "44692", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002323", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-087", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "95577", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "15426", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-70138", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-46244", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46244" }, { "db": "BID", "id": "44692" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-087" }, { "db": "NVD", "id": "CVE-2010-3639" } ] }, "id": "VAR-201011-0232", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46244" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T21:02:37.966000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002323" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3639" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44692" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11310" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12625" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3639" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46244" }, { "db": "BID", "id": "44692" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-087" }, { "db": "NVD", "id": "CVE-2010-3639" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46244" }, { "db": "BID", "id": "44692" }, { "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-087" }, { "db": "NVD", "id": "CVE-2010-3639" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46244" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44692" }, { "date": "2010-11-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-087" }, { "date": "2010-11-07T22:00:01.987000", "db": "NVD", "id": "CVE-2010-3639" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46244" }, { "date": "2015-03-19T09:22:00", "db": "BID", "id": "44692" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002323" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-087" }, { "date": "2024-05-17T17:27:55.303000", "db": "NVD", "id": "CVE-2010-3639" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-087" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002323" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-087" } ], "trust": 0.6 } }
var-201011-0242
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0242", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44685" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "CNNVD", "id": "CNNVD-201011-077" }, { "db": "NVD", "id": "CVE-2010-3649" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3649" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44685" }, { "db": "CNNVD", "id": "CNNVD-201011-077" } ], "trust": 0.9 }, "cve": "CVE-2010-3649", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3649", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46254", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3649", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-077", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46254", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46254" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "CNNVD", "id": "CNNVD-201011-077" }, { "db": "NVD", "id": "CVE-2010-3649" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3649" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "BID", "id": "44685" }, { "db": "VULHUB", "id": "VHN-46254" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3649", "trust": 2.9 }, { "db": "BID", "id": "44685", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002334", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-077", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46254", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46254" }, { "db": "BID", "id": "44685" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-077" }, { "db": "NVD", "id": "CVE-2010-3649" } ] }, "id": "VAR-201011-0242", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46254" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T20:15:08.216000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "CNNVD", "id": "CNNVD-201011-077" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3649" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44685" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11872" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15750" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3649" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46254" }, { "db": "BID", "id": "44685" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-077" }, { "db": "NVD", "id": "CVE-2010-3649" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46254" }, { "db": "BID", "id": "44685" }, { "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-077" }, { "db": "NVD", "id": "CVE-2010-3649" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46254" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44685" }, { "date": "2010-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-077" }, { "date": "2010-11-07T22:00:02.440000", "db": "NVD", "id": "CVE-2010-3649" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46254" }, { "date": "2015-03-19T09:24:00", "db": "BID", "id": "44685" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002334" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-077" }, { "date": "2024-05-17T17:17:59.740000", "db": "NVD", "id": "CVE-2010-3649" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-077" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002334" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-077" } ], "trust": 0.6 } }
var-201011-0241
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0241", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44684" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "CNNVD", "id": "CNNVD-201011-078" }, { "db": "NVD", "id": "CVE-2010-3648" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3648" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44684" }, { "db": "CNNVD", "id": "CNNVD-201011-078" } ], "trust": 0.9 }, "cve": "CVE-2010-3648", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3648", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46253", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3648", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-078", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46253", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46253" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "CNNVD", "id": "CNNVD-201011-078" }, { "db": "NVD", "id": "CVE-2010-3648" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3648" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "BID", "id": "44684" }, { "db": "VULHUB", "id": "VHN-46253" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3648", "trust": 2.9 }, { "db": "BID", "id": "44684", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002333", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-078", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46253" }, { "db": "BID", "id": "44684" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-078" }, { "db": "NVD", "id": "CVE-2010-3648" } ] }, "id": "VAR-201011-0241", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46253" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T21:29:05.832000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "CNNVD", "id": "CNNVD-201011-078" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3648" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44684" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11842" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15980" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3648" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46253" }, { "db": "BID", "id": "44684" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-078" }, { "db": "NVD", "id": "CVE-2010-3648" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46253" }, { "db": "BID", "id": "44684" }, { "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-078" }, { "db": "NVD", "id": "CVE-2010-3648" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46253" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44684" }, { "date": "2010-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-078" }, { "date": "2010-11-07T22:00:02.363000", "db": "NVD", "id": "CVE-2010-3648" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46253" }, { "date": "2013-06-20T09:38:00", "db": "BID", "id": "44684" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002333" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-078" }, { "date": "2024-05-17T17:17:41.250000", "db": "NVD", "id": "CVE-2010-3648" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-078" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002333" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-078" } ], "trust": 0.6 } }
var-201011-0236
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0236", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44679" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "CNNVD", "id": "CNNVD-201011-083" }, { "db": "NVD", "id": "CVE-2010-3643" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3643" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44679" }, { "db": "CNNVD", "id": "CNNVD-201011-083" } ], "trust": 0.9 }, "cve": "CVE-2010-3643", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3643", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46248", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3643", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-083", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46248", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46248" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "CNNVD", "id": "CNNVD-201011-083" }, { "db": "NVD", "id": "CVE-2010-3643" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3643" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "BID", "id": "44679" }, { "db": "VULHUB", "id": "VHN-46248" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3643", "trust": 2.9 }, { "db": "BID", "id": "44679", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002327", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-083", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46248" }, { "db": "BID", "id": "44679" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-083" }, { "db": "NVD", "id": "CVE-2010-3643" } ] }, "id": "VAR-201011-0236", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46248" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T21:03:54.664000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002327" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3643" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44679" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12151" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16242" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3643" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46248" }, { "db": "BID", "id": "44679" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-083" }, { "db": "NVD", "id": "CVE-2010-3643" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46248" }, { "db": "BID", "id": "44679" }, { "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-083" }, { "db": "NVD", "id": "CVE-2010-3643" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46248" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44679" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-083" }, { "date": "2010-11-07T22:00:02.177000", "db": "NVD", "id": "CVE-2010-3643" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46248" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "44679" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002327" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-083" }, { "date": "2024-05-17T17:10:59.427000", "db": "NVD", "id": "CVE-2010-3643" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-083" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002327" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-083" } ], "trust": 0.6 } }
var-201011-0233
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0233", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44675" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "CNNVD", "id": "CNNVD-201011-086" }, { "db": "NVD", "id": "CVE-2010-3640" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3640" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44675" }, { "db": "CNNVD", "id": "CNNVD-201011-086" } ], "trust": 0.9 }, "cve": "CVE-2010-3640", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3640", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46245", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3640", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-086", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46245", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46245" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "CNNVD", "id": "CNNVD-201011-086" }, { "db": "NVD", "id": "CVE-2010-3640" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3640" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "BID", "id": "44675" }, { "db": "VULHUB", "id": "VHN-46245" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3640", "trust": 2.9 }, { "db": "BID", "id": "44675", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002324", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-086", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-46245", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46245" }, { "db": "BID", "id": "44675" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-086" }, { "db": "NVD", "id": "CVE-2010-3640" } ] }, "id": "VAR-201011-0233", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46245" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T23:04:33.796000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "CNNVD", "id": "CNNVD-201011-086" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3640" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44675" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12179" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16281" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3640" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46245" }, { "db": "BID", "id": "44675" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-086" }, { "db": "NVD", "id": "CVE-2010-3640" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46245" }, { "db": "BID", "id": "44675" }, { "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-086" }, { "db": "NVD", "id": "CVE-2010-3640" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46245" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44675" }, { "date": "2010-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-086" }, { "date": "2010-11-07T22:00:02.037000", "db": "NVD", "id": "CVE-2010-3640" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46245" }, { "date": "2015-03-19T08:32:00", "db": "BID", "id": "44675" }, { "date": "2011-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002324" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-086" }, { "date": "2024-05-17T17:28:11.957000", "db": "NVD", "id": "CVE-2010-3640" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-086" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002324" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-086" } ], "trust": 0.6 } }
var-201011-0243
Vulnerability from variot
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
[ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information: SA38547 SA40026 SA40907 SA41434 SA41917
SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID: SA41917
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION: Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
For more information: SA41917
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0243", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.4" }, { "model": "air", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "2.0.4" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs3 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.1.95.1 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "air", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "2.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.2.12610" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.4" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.01" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9130" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.5.3.9120" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "2.0.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "air", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "44686" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "CNNVD", "id": "CNNVD-201011-076" }, { "db": "NVD", "id": "CVE-2010-3650" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.95.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3650" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Will Dormman of CERT", "sources": [ { "db": "BID", "id": "44686" }, { "db": "CNNVD", "id": "CNNVD-201011-076" } ], "trust": 0.9 }, "cve": "CVE-2010-3650", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-3650", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-46255", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3650", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201011-076", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-46255", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-46255" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "CNNVD", "id": "CNNVD-201011-076" }, { "db": "NVD", "id": "CVE-2010-3650" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. For\nfurther information please consult the CVE entries and the Adobe\nSecurity Bulletins referenced below. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest stable\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-plugins/adobe-flash-10.1.102.64\"\n\nReferences\n==========\n\n [ 1 ] APSB10-06\n http://www.adobe.com/support/security/bulletins/apsb10-06.html\n [ 2 ] APSB10-14\n http://www.adobe.com/support/security/bulletins/apsb10-14.html\n [ 3 ] APSB10-16\n http://www.adobe.com/support/security/bulletins/apsb10-16.html\n [ 4 ] APSB10-22\n http://www.adobe.com/support/security/bulletins/apsb10-22.html\n [ 5 ] APSB10-26\n http://www.adobe.com/support/security/bulletins/apsb10-26.html\n [ 6 ] CVE-2008-4546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546\n [ 7 ] CVE-2009-3793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793\n [ 8 ] CVE-2010-0186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186\n [ 9 ] CVE-2010-0187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187\n [ 10 ] CVE-2010-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209\n [ 11 ] CVE-2010-1297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297\n [ 12 ] CVE-2010-2160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160\n [ 13 ] CVE-2010-2161\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161\n [ 14 ] CVE-2010-2162\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162\n [ 15 ] CVE-2010-2163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163\n [ 16 ] CVE-2010-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164\n [ 17 ] CVE-2010-2165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165\n [ 18 ] CVE-2010-2166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166\n [ 19 ] CVE-2010-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167\n [ 20 ] CVE-2010-2169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169\n [ 21 ] CVE-2010-2170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170\n [ 22 ] CVE-2010-2171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171\n [ 23 ] CVE-2010-2172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172\n [ 24 ] CVE-2010-2173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173\n [ 25 ] CVE-2010-2174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174\n [ 26 ] CVE-2010-2175\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175\n [ 27 ] CVE-2010-2176\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176\n [ 28 ] CVE-2010-2177\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177\n [ 29 ] CVE-2010-2178\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178\n [ 30 ] CVE-2010-2179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179\n [ 31 ] CVE-2010-2180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180\n [ 32 ] CVE-2010-2181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181\n [ 33 ] CVE-2010-2182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182\n [ 34 ] CVE-2010-2183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183\n [ 35 ] CVE-2010-2184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184\n [ 36 ] CVE-2010-2185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185\n [ 37 ] CVE-2010-2186\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186\n [ 38 ] CVE-2010-2187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187\n [ 39 ] CVE-2010-2188\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188\n [ 40 ] CVE-2010-2189\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189\n [ 41 ] CVE-2010-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213\n [ 42 ] CVE-2010-2214\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214\n [ 43 ] CVE-2010-2215\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215\n [ 44 ] CVE-2010-2216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216\n [ 45 ] CVE-2010-2884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884\n [ 46 ] CVE-2010-3636\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636\n [ 47 ] CVE-2010-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639\n [ 48 ] CVE-2010-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640\n [ 49 ] CVE-2010-3641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641\n [ 50 ] CVE-2010-3642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642\n [ 51 ] CVE-2010-3643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643\n [ 52 ] CVE-2010-3644\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644\n [ 53 ] CVE-2010-3645\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645\n [ 54 ] CVE-2010-3646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646\n [ 55 ] CVE-2010-3647\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647\n [ 56 ] CVE-2010-3648\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648\n [ 57 ] CVE-2010-3649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649\n [ 58 ] CVE-2010-3650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650\n [ 59 ] CVE-2010-3652\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652\n [ 60 ] CVE-2010-3654\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654\n [ 61 ] CVE-2010-3976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor more information:\nSA38547\nSA40026\nSA40907\nSA41434\nSA41917\n\nSOLUTION:\nUpdate to version \"www-plugins/adobe-flash-10.1.102.64\" or later. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Unspecified Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41917\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41917/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41917/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41917/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in Adobe Flash Player, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 10.1.85.3 running on a\nfully patched Windows XP Professional SP3. Other versions may also be\naffected. \n\nNOTE: The vulnerability is currently being actively exploited. \n\nSOLUTION:\nAdobe plans to release a fixed version on November 9, 2010. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe APSA10-05:\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\n\nMila Parkour:\nhttp://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor compromise a user\u0027s system. \n\nFor more information:\nSA41917\n\nSOLUTION:\nUpdated packages are available via Red Hat Network", "sources": [ { "db": "NVD", "id": "CVE-2010-3650" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "BID", "id": "44686" }, { "db": "VULHUB", "id": "VHN-46255" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3650", "trust": 2.9 }, { "db": "BID", "id": "44686", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-2903", "trust": 2.5 }, { "db": "SECUNIA", "id": "42926", "trust": 1.8 }, { "db": "SECUNIA", "id": "42183", "trust": 1.8 }, { "db": "SECUNIA", "id": "43026", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2011-0173", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2918", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-2906", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2011-0192", "trust": 1.7 }, { "db": "SECUNIA", "id": "41917", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2010-002335", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201011-076", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-46255", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97654", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95657", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-46255" }, { "db": "BID", "id": "44686" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-076" }, { "db": "NVD", "id": "CVE-2010-3650" } ] }, "id": "VAR-201011-0243", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-46255" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T23:00:04.669000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-26", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "title": "cpsid_87813", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/878/cpsid_87813.html" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435" }, { "title": "HT4435", "trust": 0.8, "url": "http://support.apple.com/kb/ht4435?viewlocale=ja_jp" }, { "title": "RHSA-2010:0829", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "title": "RHSA-2010:0834", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0834.html" }, { "title": "RHSA-2010:0867", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0867.html" }, { "title": "multiple_vulnerabilities_in_adobe_flash1", "trust": 0.8, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "title": "flash-player-10.1.10 2.64-0.1.1.i586", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35063" }, { "title": "MacOSXUpdCombo10.6.5", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35062" }, { "title": "install_flash_player_10.1.102.64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=35061" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "CNNVD", "id": "CNNVD-201011-076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3650" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/44686" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/2903" }, { "trust": 2.1, "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4435" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11636" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15971" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0829.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0834.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2010-0867.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42183" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42926" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43026" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2906" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/2918" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0173" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0192" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3650" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100029.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu331391" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3650" }, { "trust": 0.8, "url": "http://secunia.com/advisories/41917" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com/products/flash/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130331642631603\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42926" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42926/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3639" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2181" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2161" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2215" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2171" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2179" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3648" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3654" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2216" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2173" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-06.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2172" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3793" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2213" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2184" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2169" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2214" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2178" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2165" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2188" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2189" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0186" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3636" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2174" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2177" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2162" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2170" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2175" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3649" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2167" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2884" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3642" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43026/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43026" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41917" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/41917/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa10-05.html" }, { "trust": 0.1, "url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42183" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2010-0829.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42183/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-46255" }, { "db": "BID", "id": "44686" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-076" }, { "db": "NVD", "id": "CVE-2010-3650" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-46255" }, { "db": "BID", "id": "44686" }, { "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "db": "PACKETSTORM", "id": "97654" }, { "db": "PACKETSTORM", "id": "97735" }, { "db": "PACKETSTORM", "id": "97788" }, { "db": "PACKETSTORM", "id": "95253" }, { "db": "PACKETSTORM", "id": "95657" }, { "db": "CNNVD", "id": "CNNVD-201011-076" }, { "db": "NVD", "id": "CVE-2010-3650" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-11-07T00:00:00", "db": "VULHUB", "id": "VHN-46255" }, { "date": "2010-11-04T00:00:00", "db": "BID", "id": "44686" }, { "date": "2010-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "date": "2011-01-19T04:51:35", "db": "PACKETSTORM", "id": "97654" }, { "date": "2011-01-21T21:15:05", "db": "PACKETSTORM", "id": "97735" }, { "date": "2011-01-24T07:05:29", "db": "PACKETSTORM", "id": "97788" }, { "date": "2010-10-29T05:44:30", "db": "PACKETSTORM", "id": "95253" }, { "date": "2010-11-09T02:06:41", "db": "PACKETSTORM", "id": "95657" }, { "date": "2010-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-076" }, { "date": "2010-11-07T22:00:02.473000", "db": "NVD", "id": "CVE-2010-3650" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-46255" }, { "date": "2013-06-20T09:38:00", "db": "BID", "id": "44686" }, { "date": "2011-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002335" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201011-076" }, { "date": "2024-05-17T17:18:08.897000", "db": "NVD", "id": "CVE-2010-3650" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "97735" }, { "db": "CNNVD", "id": "CNNVD-201011-076" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002335" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201011-076" } ], "trust": 0.6 } }
var-201105-0013
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0625 Is a different vulnerability.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0013", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome a user" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47814" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0626" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0626", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0626", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48571", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0626", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-179", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48571", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48571" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0625 Is a different vulnerability.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "BID", "id": "47814" }, { "db": "VULHUB", "id": "VHN-48571" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0626", "trust": 3.0 }, { "db": "BID", "id": "47814", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001652", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-179", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16830", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48571" }, { "db": "BID", "id": "47814" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "id": "VAR-201105-0013", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48571" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T11:46:47.134000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "title": "install_flashplayer11x32ax_gtba_chra_dy_aih", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44945" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48571" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "NVD", "id": "CVE-2011-0626" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14036" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16156" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0626" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0626" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47814" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16830" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48571" }, { "db": "BID", "id": "47814" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48571" }, { "db": "BID", "id": "47814" }, { "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0626" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48571" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47814" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.550000", "db": "NVD", "id": "CVE-2011-0626" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48571" }, { "date": "2015-03-19T09:21:00", "db": "BID", "id": "47814" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001652" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0626" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-179" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-179" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001652" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-179" } ], "trust": 0.6 } }
var-201105-0014
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. A remote attacker can embed a malicious Flash (.swf) file in Microsoft Word (.doc) or Microsoft Excel (.xls) and send it to Windows users as an email attachment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0014", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome a user" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47810" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0627" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0627", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0627", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48572", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0627", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-180", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48572", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48572" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. Adobe Flash Player is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. A remote attacker can embed a malicious Flash (.swf) file in Microsoft Word (.doc) or Microsoft Excel (.xls) and send it to Windows users as an email attachment. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "BID", "id": "47810" }, { "db": "VULHUB", "id": "VHN-48572" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0627", "trust": 3.0 }, { "db": "BID", "id": "47810", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001653", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-180", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48572", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48572" }, { "db": "BID", "id": "47810" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "id": "VAR-201105-0014", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48572" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:44:28.333000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "title": "install_flashplayer11x32ax_gtba_chra_dy_aih", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44945" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48572" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "NVD", "id": "CVE-2011-0627" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13914" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16053" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0627" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0627" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47810" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48572" }, { "db": "BID", "id": "47810" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48572" }, { "db": "BID", "id": "47810" }, { "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0627" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48572" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47810" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.580000", "db": "NVD", "id": "CVE-2011-0627" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48572" }, { "date": "2013-06-20T09:40:00", "db": "BID", "id": "47810" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001653" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0627" }, { "date": "2014-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-180" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-180" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001653" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-180" } ], "trust": 0.6 } }
var-201105-0041
Vulnerability from variot
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote integer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0041", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47815" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0618" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0618", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0618", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48563", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0618", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-171", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48563", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48563" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote integer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "BID", "id": "47815" }, { "db": "VULHUB", "id": "VHN-48563" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0618", "trust": 3.0 }, { "db": "BID", "id": "47815", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001644", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-171", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48563", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48563" }, { "db": "BID", "id": "47815" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "id": "VAR-201105-0041", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48563" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T10:57:41.708000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001644" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48563" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "NVD", "id": "CVE-2011-0618" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14106" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16041" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0618" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0618" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47815" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=902" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48563" }, { "db": "BID", "id": "47815" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48563" }, { "db": "BID", "id": "47815" }, { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0618" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48563" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47815" }, { "date": "2011-05-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.220000", "db": "NVD", "id": "CVE-2011-0618" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48563" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "47815" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0618" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-171" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Integer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001644" }, { "db": "CNNVD", "id": "CNNVD-201105-171" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-171" } ], "trust": 0.6 } }
var-201105-0008
Vulnerability from variot
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object. Adobe Flash Player is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0008", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome a user" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47961" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0628" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vitaliy Toropov through iDefense\u0027s Vulnerability Contributor Program", "sources": [ { "db": "BID", "id": "47961" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ], "trust": 0.9 }, "cve": "CVE-2011-0628", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0628", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48573", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0628", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-262", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48573", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48573" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object. Adobe Flash Player is prone to a remote integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "BID", "id": "47961" }, { "db": "VULHUB", "id": "VHN-48573" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0628", "trust": 2.9 }, { "db": "BID", "id": "47961", "trust": 2.8 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001692", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-262", "trust": 0.7 }, { "db": "XF", "id": "67638", "trust": 0.6 }, { "db": "IDEFENSE", "id": "20110524 ADOBE FLASH PLAYER ACTIONSCRIPT INTEGER OVERFLOW VULNERABILITY", "trust": 0.6 }, { "db": "NSFOCUS", "id": "16865", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-20583", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-48573", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48573" }, { "db": "BID", "id": "47961" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "id": "VAR-201105-0008", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48573" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:33:03.350000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001692" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48573" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "NVD", "id": "CVE-2011-0628" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/47961" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 2.0, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13994" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15639" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0628" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0628" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/67638" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16865" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48573" }, { "db": "BID", "id": "47961" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48573" }, { "db": "BID", "id": "47961" }, { "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "NVD", "id": "CVE-2011-0628" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-31T00:00:00", "db": "VULHUB", "id": "VHN-48573" }, { "date": "2011-05-24T00:00:00", "db": "BID", "id": "47961" }, { "date": "2011-06-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-31T20:55:01.687000", "db": "NVD", "id": "CVE-2011-0628" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48573" }, { "date": "2013-06-20T09:38:00", "db": "BID", "id": "47961" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001692" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0628" }, { "date": "2011-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-262" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-262" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Integer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001692" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-262" } ], "trust": 0.6 } }
var-201105-0015
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0625 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0015", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47812" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0624" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0624", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0624", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48569", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0624", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-177", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48569", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48569" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0625 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "BID", "id": "47812" }, { "db": "VULHUB", "id": "VHN-48569" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0624", "trust": 3.0 }, { "db": "BID", "id": "47812", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001650", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-177", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16830", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48569", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48569" }, { "db": "BID", "id": "47812" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "id": "VAR-201105-0015", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48569" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T11:14:15.061000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "title": "install_flashplayer11x32ax_gtba_chra_dy_aih", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44945" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48569" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "NVD", "id": "CVE-2011-0624" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13924" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16010" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0624" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0624" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47812" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16830" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48569" }, { "db": "BID", "id": "47812" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48569" }, { "db": "BID", "id": "47812" }, { "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0624" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48569" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47812" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.470000", "db": "NVD", "id": "CVE-2011-0624" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48569" }, { "date": "2015-03-19T09:34:00", "db": "BID", "id": "47812" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001650" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0624" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-177" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-177" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001650" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-177" } ], "trust": 0.6 } }
var-201105-0044
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0044", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47807" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-0620" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0620", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-0620", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48565", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-0620", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201105-173", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48565", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48565" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Malware can exploit this vulnerability via .swf files embedded in .doc files or .xls file attachments in emails to attack the Windows platform. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "BID", "id": "47807" }, { "db": "VULHUB", "id": "VHN-48565" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0620", "trust": 3.0 }, { "db": "BID", "id": "47807", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001646", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-173", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16829", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48565" }, { "db": "BID", "id": "47807" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "id": "VAR-201105-0044", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48565" } ], "trust": 0.24074074 }, "last_update_date": "2023-12-18T10:58:27.502000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001646" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48565" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "NVD", "id": "CVE-2011-0620" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13832" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16248" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0620" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0620" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47807" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16829" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=903" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48565" }, { "db": "BID", "id": "47807" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48565" }, { "db": "BID", "id": "47807" }, { "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "NVD", "id": "CVE-2011-0620" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48565" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47807" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-13T22:55:01.300000", "db": "NVD", "id": "CVE-2011-0620" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48565" }, { "date": "2015-03-19T09:31:00", "db": "BID", "id": "47807" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001646" }, { "date": "2018-10-30T16:26:24.687000", "db": "NVD", "id": "CVE-2011-0620" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-173" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-173" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001646" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-173" } ], "trust": 0.6 } }
cve-2009-1863
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "35900", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35900" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:16391", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6961", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "name": "adobe-flash-air-code-execution(52179)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52179" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a \"privilege escalation vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "35900", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35900" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:16391", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6961", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "name": "adobe-flash-air-code-execution(52179)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52179" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a \"privilege escalation vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "35900", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35900" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:16391", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6961", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "adobe-flash-air-code-execution(52179)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52179" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1863", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1869
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.709Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "35907", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35907" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505467/100/0/threaded" }, { "name": "flash-air-code-execution(52181)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52181" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html" }, { "name": "oval:org.mitre.oval:def:6998", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "56777", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/56777" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html" }, { "name": "oval:org.mitre.oval:def:15994", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "35907", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35907" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505467/100/0/threaded" }, { "name": "flash-air-code-execution(52181)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52181" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_MISC" ], "url": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html" }, { "name": "oval:org.mitre.oval:def:6998", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "56777", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/56777" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "tags": [ "x_refsource_MISC" ], "url": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html" }, { "name": "oval:org.mitre.oval:def:15994", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "35907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35907" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505467/100/0/threaded" }, { "name": "flash-air-code-execution(52181)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52181" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html", "refsource": "MISC", "url": "http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html" }, { "name": "oval:org.mitre.oval:def:6998", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "56777", "refsource": "OSVDB", "url": "http://osvdb.org/56777" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html", "refsource": "MISC", "url": "http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html" }, { "name": "oval:org.mitre.oval:def:15994", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1869", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.709Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1868
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-bo-var1(52185)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52185" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "oval:org.mitre.oval:def:15955", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955" }, { "name": "35902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35902" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "name": "56776", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/56776" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6865", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-bo-var1(52185)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52185" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "oval:org.mitre.oval:def:15955", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955" }, { "name": "35902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35902" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "name": "56776", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/56776" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6865", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-bo-var1(52185)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52185" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "oval:org.mitre.oval:def:15955", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955" }, { "name": "35902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35902" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "56776", "refsource": "OSVDB", "url": "http://osvdb.org/56776" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "oval:org.mitre.oval:def:6865", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1868", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2640
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb08-14.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1020301 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43150 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30746 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/1862 | vdb-entry, x_refsource_VUPEN | |
http://blog.watchfire.com/wfblog/2008/06/javascript-code.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/29778 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:05:30.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-14.html" }, { "name": "1020301", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020301" }, { "name": "adobeflex-historymanagement-xss(43150)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43150" }, { "name": "30746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30746" }, { "name": "ADV-2008-1862", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1862" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html" }, { "name": "29778", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29778" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-14.html" }, { "name": "1020301", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020301" }, { "name": "adobeflex-historymanagement-xss(43150)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43150" }, { "name": "30746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30746" }, { "name": "ADV-2008-1862", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1862" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html" }, { "name": "29778", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29778" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2640", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb08-14.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-14.html" }, { "name": "1020301", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020301" }, { "name": "adobeflex-historymanagement-xss(43150)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43150" }, { "name": "30746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30746" }, { "name": "ADV-2008-1862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1862" }, { "name": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html", "refsource": "MISC", "url": "http://blog.watchfire.com/wfblog/2008/06/javascript-code.html" }, { "name": "29778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29778" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2640", "datePublished": "2008-06-18T19:29:00", "dateReserved": "2008-06-09T00:00:00", "dateUpdated": "2024-08-07T09:05:30.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6019
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:54:25.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10160", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160" }, { "name": "30507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30507" }, { "name": "1019810", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019810" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "adobe-flash-declarefunction2-bo(41717)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717" }, { "name": "RHSA-2008:0221", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "3805", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3805" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded" }, { "name": "29763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021" }, { "name": "GLSA-200804-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "28694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28694" }, { "name": "TA08-100A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "29865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10160", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160" }, { "name": "30507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30507" }, { "name": "1019810", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019810" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "adobe-flash-declarefunction2-bo(41717)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717" }, { "name": "RHSA-2008:0221", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "3805", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3805" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded" }, { "name": "29763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021" }, { "name": "GLSA-200804-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "28694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28694" }, { "name": "TA08-100A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2007-6019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10160", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160" }, { "name": "30507", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30507" }, { "name": "1019810", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019810" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "adobe-flash-declarefunction2-bo(41717)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717" }, { "name": "RHSA-2008:0221", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "3805", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3805" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded" }, { "name": "29763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021" }, { "name": "GLSA-200804-21", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "28694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28694" }, { "name": "TA08-100A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2007-6019", "datePublished": "2008-04-09T21:00:00", "dateReserved": "2007-11-19T00:00:00", "dateUpdated": "2024-08-07T15:54:25.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1655
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10724", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724" }, { "name": "1019808", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019808" }, { "name": "30507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30507" }, { "name": "adobe-flash-dnsrebinding-security-bypass(41807)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807" }, { "name": "28697", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28697" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "RHSA-2008:0221", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "29763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "GLSA-200804-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "44283", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/44283" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "TA08-100A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10724", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724" }, { "name": "1019808", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019808" }, { "name": "30507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30507" }, { "name": "adobe-flash-dnsrebinding-security-bypass(41807)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807" }, { "name": "28697", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28697" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "RHSA-2008:0221", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "29763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "GLSA-200804-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "44283", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/44283" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "TA08-100A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1655", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29865" }, { "name": "oval:org.mitre.oval:def:10724", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724" }, { "name": "1019808", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019808" }, { "name": "30507", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30507" }, { "name": "adobe-flash-dnsrebinding-security-bypass(41807)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807" }, { "name": "28697", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28697" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" }, { "name": "ADV-2008-1724", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1724/references" }, { "name": "RHSA-2008:0221", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "SUSE-SA:2008:022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" }, { "name": "29763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29763" }, { "name": "238305", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" }, { "name": "GLSA-200804-21", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" }, { "name": "44283", "refsource": "OSVDB", "url": "http://www.osvdb.org/44283" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "TA08-100A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" }, { "name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns", "refsource": "MISC", "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1655", "datePublished": "2008-04-09T21:00:00", "dateReserved": "2008-04-02T00:00:00", "dateUpdated": "2024-08-07T08:32:01.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1866
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:7271", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271" }, { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "flash-air-unspecified-bo-var2(52186)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35901", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35901" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "name": "oval:org.mitre.oval:def:16198", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198" }, { "name": "56774", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/56774" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:7271", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271" }, { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "flash-air-unspecified-bo-var2(52186)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35901", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35901" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "name": "oval:org.mitre.oval:def:16198", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198" }, { "name": "56774", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/56774" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:7271", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271" }, { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "flash-air-unspecified-bo-var2(52186)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52186" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35901" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "oval:org.mitre.oval:def:16198", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198" }, { "name": "56774", "refsource": "OSVDB", "url": "http://osvdb.org/56774" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1866", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1870
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "56778", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/56778" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "oval:org.mitre.oval:def:6648", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35908", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35908" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "oval:org.mitre.oval:def:15887", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "name": "flash-air-sandbox-info-disclosure(52180)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52180" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a \"local sandbox vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "56778", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/56778" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "oval:org.mitre.oval:def:6648", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35908", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35908" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "oval:org.mitre.oval:def:15887", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "name": "flash-air-sandbox-info-disclosure(52180)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52180" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a \"local sandbox vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "56778", "refsource": "OSVDB", "url": "http://osvdb.org/56778" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "oval:org.mitre.oval:def:6648", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "35908", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35908" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "oval:org.mitre.oval:def:15887", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "flash-air-sandbox-info-disclosure(52180)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52180" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1870", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1865
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:7011", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-code-execution-var1(52182)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "name": "oval:org.mitre.oval:def:16338", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "name": "35906", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35906" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:7011", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-code-execution-var1(52182)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "name": "oval:org.mitre.oval:def:16338", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "name": "35906", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35906" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:7011", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-code-execution-var1(52182)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "oval:org.mitre.oval:def:16338", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "35906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35906" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1865", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0114
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:24:17.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "oval:org.mitre.oval:def:16419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16419" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35074" }, { "name": "oval:org.mitre.oval:def:6662", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6662" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34226" }, { "name": "flash-settings-manager-click-hijacking(48902)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48902" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "1021751", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021751" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to \"a potential Clickjacking issue variant.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "oval:org.mitre.oval:def:16419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16419" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35074" }, { "name": "oval:org.mitre.oval:def:6662", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6662" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34226" }, { "name": "flash-settings-manager-click-hijacking(48902)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48902" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "1021751", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021751" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to \"a potential Clickjacking issue variant.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://isc.sans.org/diary.html?storyid=5929", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549" }, { "name": "oval:org.mitre.oval:def:16419", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16419" }, { "name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074" }, { "name": "oval:org.mitre.oval:def:6662", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6662" }, { "name": "34226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34226" }, { "name": "flash-settings-manager-click-hijacking(48902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48902" }, { "name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "1021751", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021751" }, { "name": "ADV-2009-0743", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0114", "datePublished": "2009-02-26T16:00:00", "dateReserved": "2009-01-09T00:00:00", "dateUpdated": "2024-08-07T04:24:17.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0520
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:03.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6593", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" }, { "name": "flash-invalid-object-bo(48887)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "oval:org.mitre.oval:def:16057", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33880" }, { "name": "1021750", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021750" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6593", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" }, { "name": "flash-invalid-object-bo(48887)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "oval:org.mitre.oval:def:16057", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33880" }, { "name": "1021750", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021750" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://isc.sans.org/diary.html?storyid=5929", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" }, { "name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6593", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" }, { "name": "flash-invalid-object-bo(48887)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" }, { "name": "ADV-2009-0743", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "oval:org.mitre.oval:def:16057", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" }, { "name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33880" }, { "name": "1021750", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021750" }, { "name": "34293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34293" }, { "name": "254909", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" }, { "name": "34012", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0520", "datePublished": "2009-02-26T16:00:00", "dateReserved": "2009-02-10T00:00:00", "dateUpdated": "2024-08-07T04:40:03.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0519
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:03.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" }, { "name": "oval:org.mitre.oval:def:15837", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6470", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "name": "flash-swf-unspecified-dos(48900)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34293" }, { "name": "33890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33890" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" }, { "name": "oval:org.mitre.oval:def:15837", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6470", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" }, { "name": "ADV-2009-0743", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "name": "flash-swf-unspecified-dos(48900)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34293" }, { "name": "33890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33890" }, { "name": "254909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://isc.sans.org/diary.html?storyid=5929", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487141", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" }, { "name": "oval:org.mitre.oval:def:15837", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" }, { "name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549" }, { "name": "RHSA-2009:0332", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" }, { "name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074" }, { "name": "34226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34226" }, { "name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "oval:org.mitre.oval:def:6470", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" }, { "name": "ADV-2009-0743", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0743" }, { "name": "flash-swf-unspecified-dos(48900)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "GLSA-200903-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" }, { "name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "34293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34293" }, { "name": "33890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33890" }, { "name": "254909", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" }, { "name": "RHSA-2009:0334", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" }, { "name": "34012", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0519", "datePublished": "2009-02-26T16:00:00", "dateReserved": "2009-02-10T00:00:00", "dateUpdated": "2024-08-07T04:40:03.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0522
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://isc.sans.org/diary.html?storyid=5929 | x_refsource_MISC | |
http://securitytracker.com/id?1021752 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb09-01.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2009/0513 | vdb-entry, x_refsource_VUPEN | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/34012 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:03.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "1021752", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "oval:org.mitre.oval:def:6674", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34012" }, { "name": "flash-unspecified-click-hijacking(48903)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the \"mouse pointer display,\" related to a \"Clickjacking attack.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "1021752", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "oval:org.mitre.oval:def:6674", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674" }, { "name": "34012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34012" }, { "name": "flash-unspecified-click-hijacking(48903)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the \"mouse pointer display,\" related to a \"Clickjacking attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://isc.sans.org/diary.html?storyid=5929", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=5929" }, { "name": "1021752", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021752" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" }, { "name": "ADV-2009-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0513" }, { "name": "oval:org.mitre.oval:def:6674", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674" }, { "name": "34012", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34012" }, { "name": "flash-unspecified-click-hijacking(48903)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0522", "datePublished": "2009-02-26T16:00:00", "dateReserved": "2009-02-10T00:00:00", "dateUpdated": "2024-08-07T04:40:03.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1864
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-unspecified-bo(52184)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52184" }, { "name": "oval:org.mitre.oval:def:16133", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:6660", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "name": "35904", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35904" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-unspecified-bo(52184)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52184" }, { "name": "oval:org.mitre.oval:def:16133", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:6660", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "name": "35904", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35904" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "flash-air-unspecified-bo(52184)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52184" }, { "name": "oval:org.mitre.oval:def:16133", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "oval:org.mitre.oval:def:6660", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "35904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35904" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1864", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1867
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-clickjacking(52183)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:6694", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "56775", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/56775" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "oval:org.mitre.oval:def:15430", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36701" }, { "name": "35905", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35905" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"clickjacking vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "266108", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-clickjacking(52183)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" }, { "name": "APPLE-SA-2009-09-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:6694", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "56775", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/56775" }, { "name": "ADV-2009-2086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "oval:org.mitre.oval:def:15430", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36701" }, { "name": "35905", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35905" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1867", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"clickjacking vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "266108", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" }, { "name": "flash-air-unspecified-clickjacking(52183)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" }, { "name": "APPLE-SA-2009-09-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" }, { "name": "GLSA-200908-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" }, { "name": "http://support.apple.com/kb/HT3864", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3864" }, { "name": "oval:org.mitre.oval:def:6694", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" }, { "name": "1022629", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022629" }, { "name": "APPLE-SA-2009-09-10-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" }, { "name": "56775", "refsource": "OSVDB", "url": "http://osvdb.org/56775" }, { "name": "ADV-2009-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2086" }, { "name": "oval:org.mitre.oval:def:15430", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" }, { "name": "35890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35890" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "name": "36374", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36374" }, { "name": "http://support.apple.com/kb/HT3865", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3865" }, { "name": "36193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36193" }, { "name": "36701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36701" }, { "name": "35905", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35905" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1867", "datePublished": "2009-07-31T19:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }