Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousTielei Wang, from ICST-ERCIS, Peking UniversityZDI-10-110
HistoryJun 16, 2010 - 12:00 a.m.

Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability

2010-06-1600:00:00
AnonymousTielei Wang, from ICST-ERCIS, Peking University
www.zerodayinitiative.com
26

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.9%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. The DefineBits tag and several of its variations are prone to a parsing issue while handling JPEG data. Specifically, the vulnerability is due to decompression routines that do not validate image dimensions sufficiently before performing operations on heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.

Related

securityvulns 5
seebug 1
ubuntucve 13
prion 13
cve 13
openvas 14
redhat 2
nessus 14
freebsd 1
suse 1
gentoo 1
securityvulns
securityvulns
ZDI-10-110: Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability
2010-06-20 00:00:00
Adobe Flash Player / Acrobat / Reader memory corruptions
2010-06-26 00:00:00
Security update available for Adobe Flash Player
2010-06-11 00:00:00
seebug
seebug
Adobe Flash Player DefineBitζ ‡η­ΎJPEGθ§£ζžε†…ε­˜η ΄εζΌζ΄ž
2010-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2010-2188
2010-06-15 00:00:00
CVE-2010-2184
2010-06-15 00:00:00
CVE-2010-2166
2010-06-15 00:00:00
prion
prion
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
cve
cve
CVE-2010-2178
2010-06-15 18:00:00
CVE-2010-2188
2010-06-15 18:00:00
CVE-2010-2187
2010-06-15 18:00:00
openvas
openvas
FreeBSD Ports: linux-flashplugin
2010-08-21 00:00:00
FreeBSD Ports: linux-flashplugin
2010-08-21 00:00:00
Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)
2010-06-22 00:00:00
redhat
redhat
(RHSA-2010:0464) Critical: flash-plugin security update
2010-06-11 00:00:00
(RHSA-2010:0470) Critical: flash-plugin security update
2010-06-14 00:00:00
nessus
nessus
RHEL 5 : flash-plugin (RHSA-2010:0464)
2013-01-24 00:00:00
Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (APSB10-14)
2010-06-10 00:00:00
RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)
2013-01-24 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-02 00:00:00
suse
suse
remote code execution in flash-player
2010-06-11 17:44:20
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-01-21 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.9%

JSON
Related for ZDI-10-110
securityvulns5seebug1ubuntucve13prion13cve13openvas14redhat2nessus14freebsd1suse1gentoo1