Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3636

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

Published

2010-11-07T22:00:01.863

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	flash_player	< 9.0.289.0	Yes
Application	adobe	flash_player	< 10.1.102.64	Yes
Operating System	apple	mac_os_x	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	sun	solaris	-	No
Application	adobe	flash_player	≤ 10.1.95.1	Yes
Operating System	google	android	-	No

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 Broken Link ([email protected])
http://jvn.jp/en/jp/JVN48425028/index.html Third Party Advisory, VDB Entry ([email protected])
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html Third Party Advisory, VDB Entry ([email protected])
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=130331642631603&w=2 Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=130331642631603&w=2 Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/42183 Third Party Advisory ([email protected])
http://secunia.com/advisories/42926 Third Party Advisory ([email protected])
http://secunia.com/advisories/43026 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-201101-09.xml Third Party Advisory ([email protected])
http://support.apple.com/kb/HT4435 Third Party Advisory ([email protected])
http://www.adobe.com/support/security/bulletins/apsb10-26.html Patch, Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0829.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0834.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0867.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/44691 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/2903 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/2906 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/2918 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0173 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0192 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 Third Party Advisory ([email protected])
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/en/jp/JVN48425028/index.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130331642631603&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130331642631603&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42183 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42926 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43026 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201101-09.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4435 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb10-26.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0829.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0834.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0867.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44691 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2903 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2906 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2918 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0173 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0192 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)