Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)

2010-11-0500:00:00

Tenable

www.tenable.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

JSON

The remote host has Adobe Flash Player installed. Versions of Flash Player 9.x earlier than 9.0.289 and 10.x earlier than 10.1.102.64 are potentially affected by multiple vulnerabilities :

A memory corruption vulnerability exists that could lead to code execution. Note that there are reports that this is being actively exploited in the wild. (CVE-2010-3654)
An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636)
A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637)
An unspecified information disclosure vulnerability exists. Note that this issue only affects Flash Player on Safari. (CVE-2010-3638)
An unspecified issue exists which could lead to a denial-of-service or potentially arbitrary code execution. (CVE-2010-3639)
Multiple memory corruption issues exists that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)
A library-loading vulnerability could lead to code execution. (CVE-2010-3639)