CVE-2010-3636
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
Affected configurations
References
blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
jvn.jp/en/jp/JVN48425028/index.html
jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
marc.info/?l=bugtraq&m=130331642631603&w=2
secunia.com/advisories/42183
secunia.com/advisories/42926
secunia.com/advisories/43026
security.gentoo.org/glsa/glsa-201101-09.xml
support.apple.com/kb/HT4435
www.adobe.com/support/security/bulletins/apsb10-26.html
www.redhat.com/support/errata/RHSA-2010-0829.html
www.redhat.com/support/errata/RHSA-2010-0834.html
www.redhat.com/support/errata/RHSA-2010-0867.html
www.securityfocus.com/bid/44691
www.vupen.com/english/advisories/2010/2903
www.vupen.com/english/advisories/2010/2906
www.vupen.com/english/advisories/2010/2918
www.vupen.com/english/advisories/2011/0173
www.vupen.com/english/advisories/2011/0192
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%