CVE-2010-0186

medium

Description

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

http://secunia.com/advisories/38547

http://secunia.com/advisories/38639

http://secunia.com/advisories/38915

http://secunia.com/advisories/40220

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://securitytracker.com/id?1023585

http://support.apple.com/kb/HT4188

http://www.adobe.com/support/security/bulletins/apsb10-06.html

http://www.adobe.com/support/security/bulletins/apsb10-07.html

http://www.osvdb.org/62300

http://www.redhat.com/support/errata/RHSA-2010-0114.html

http://www.securityfocus.com/bid/38198

http://www.vupen.com/english/advisories/2010/1481

http://www.vupen.com/english/advisories/2011/0192

https://bugzilla.redhat.com/show_bug.cgi?id=563819

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518

https://rhn.redhat.com/errata/RHSA-2010-0102.html

https://rhn.redhat.com/errata/RHSA-2010-0103.html

Details

Source: MITRE

Published: 2010-02-15

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* versions up to 1.5.3.9120 (inclusive)

cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.0.42.34 (inclusive)

Configuration 2

OR

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* versions up to 9.3 (inclusive)

Configuration 3

OR

cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63918 | RHEL 3 / 4 : flash-plugin (RHSA-2010:0103) | Nessus | Red Hat Local Security Checks | medium |
| 63917 | RHEL 5 : flash-plugin (RHSA-2010:0102) | Nessus | Red Hat Local Security Checks | medium |
| 51735 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 6845) | Nessus | SuSE Local Security Checks | medium |
| 51734 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 6844) | Nessus | SuSE Local Security Checks | medium |
| 51698 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6881) | Nessus | SuSE Local Security Checks | high |
| 51697 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6879) | Nessus | SuSE Local Security Checks | high |
| 51658 | GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 49126 | GLSA-201009-05 : Adobe Reader: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 800793 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5571 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 47024 | Mac OS X Multiple Vulnerabilities (Security Update 2010-004) | Nessus | MacOS X Local Security Checks | high |
| 47023 | Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 44984 | SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065) | Nessus | SuSE Local Security Checks | high |
| 44981 | openSUSE Security Update : acroread (acroread-2068) | Nessus | SuSE Local Security Checks | high |
| 44978 | openSUSE Security Update : acroread (acroread-2068) | Nessus | SuSE Local Security Checks | high |
| 44975 | openSUSE Security Update : acroread (acroread-2068) | Nessus | SuSE Local Security Checks | high |
| 44665 | RHEL 4 / 5 : acroread (RHSA-2010:0114) | Nessus | Red Hat Local Security Checks | high |
| 44644 | Adobe Reader < 9.3.1 / 8.2.1 Multiple Vulnerabilities (APSB10-07) | Nessus | Windows | high |
| 44643 | Adobe Acrobat < 9.3.1 / 8.2.1 Multiple Vulnerabilities (APSB10-07) | Nessus | Windows | high |
| 44639 | SuSE 11 Security Update : flash-player (SAT Patch Number 1977) | Nessus | SuSE Local Security Checks | medium |
| 44638 | openSUSE Security Update : flash-player (flash-player-1970) | Nessus | SuSE Local Security Checks | medium |
| 44637 | openSUSE Security Update : flash-player (flash-player-1970) | Nessus | SuSE Local Security Checks | medium |
| 44636 | openSUSE Security Update : flash-player (flash-player-1970) | Nessus | SuSE Local Security Checks | medium |
| 44602 | FreeBSD : linux-flashplugin -- multiple vulnerabilities (ff6519ad-18e5-11df-9bdd-001b2134ef46) | Nessus | FreeBSD Local Security Checks | medium |
| 5338 | Flash Player < 10.0.45.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | low |
| 44596 | Flash Player < 10.0.45.2 Multiple Vulnerabilities (APSB10-06) | Nessus | Windows | medium |
| 44595 | Adobe AIR < 1.5.3.9130 Multiple Vulnerabilities (APSB10-06) | Nessus | Windows | medium |