Lucene search

K
redhatRedHatRHSA-2010:0834
HistoryNov 08, 2010 - 12:00 a.m.

(RHSA-2010:0834) Critical: flash-plugin security update

2010-11-0800:00:00
access.redhat.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-26, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2010-3639,
CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,
CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652, CVE-2010-3654)

An input validation flaw was discovered in flash-plugin. Certain server
encodings could lead to a bypass of cross-domain policy file restrictions,
possibly leading to cross-domain information disclosure. (CVE-2010-3636)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.289.0.

OSVersionArchitecturePackageVersionFilename
RedHat4i386flash-plugin< 9.0.289.0-1.el4flash-plugin-9.0.289.0-1.el4.i386.rpm

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%