Lucene search
RootSSV:19843HistoryJun 23, 2010 - 12:00 a.m.
Adobe Flash Player DefineBit标签JPEG解析内存破坏漏洞
2010-06-2300:00:00
Root
www.seebug.org
20
0.013 Low
EPSS
Percentile
84.5%
BUGTRAQ ID: 40784
CVE ID: CVE-2010-2171
Flash Player是一款非常流行的FLASH播放器。
Flash Player负责解析SWF文件中内嵌图形数据的代码中存在安全漏洞,DefineBits标签在处理JPEG数据时存在解析问题。具体来讲,解压例程在对堆内存执行操作之前没有充分地验证图形维度,可能触发内存破坏,导致以运行浏览器用户的权限执行任意代码。
Adobe Flash Player 9.x
Adobe Flash Player 10.x
Adobe AIR <= 1.5.3.9130
厂商补丁:
Adobe
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.adobe.com/support/security/bulletins/apsb10-14.html
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2010:0464-01)以及相应补丁:
RHSA-2010:0464-01:Critical: flash-plugin security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0464.html
Related
securityvulns
securityvulns
ZDI-10-110: Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability
2010-06-20 00:00:00
Adobe Flash Player / Acrobat / Reader memory corruptions
2010-06-26 00:00:00
Security update available for Adobe Flash Player
2010-06-11 00:00:00
zdi
zdi
ubuntucve
ubuntucve
prion
prion
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
cve
cve
openvas
openvas
FreeBSD Ports: linux-flashplugin
2010-08-21 00:00:00
FreeBSD Ports: linux-flashplugin
2010-08-21 00:00:00
Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)
2010-06-22 00:00:00
redhat
redhat
(RHSA-2010:0464) Critical: flash-plugin security update
2010-06-11 00:00:00
(RHSA-2010:0470) Critical: flash-plugin security update
2010-06-14 00:00:00
nessus
nessus
RHEL 5 : flash-plugin (RHSA-2010:0464)
2013-01-24 00:00:00
Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (APSB10-14)
2010-06-10 00:00:00
Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (APSB10-14)
2010-06-10 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-02 00:00:00
suse
suse
remote code execution in flash-player
2010-06-11 17:44:20
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-01-21 00:00:00