CVE-2010-0186

critical

Description

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

References

https://rhn.redhat.com/errata/RHSA-2010-0103.html

https://rhn.redhat.com/errata/RHSA-2010-0102.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518

https://bugzilla.redhat.com/show_bug.cgi?id=563819

http://www.vupen.com/english/advisories/2011/0192

http://www.vupen.com/english/advisories/2010/1481

http://www.securityfocus.com/bid/38198

http://www.redhat.com/support/errata/RHSA-2010-0114.html

http://www.osvdb.org/62300

http://www.adobe.com/support/security/bulletins/apsb10-07.html

http://www.adobe.com/support/security/bulletins/apsb10-06.html

http://support.apple.com/kb/HT4188

http://securitytracker.com/id?1023585

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://secunia.com/advisories/43026

http://secunia.com/advisories/40220

http://secunia.com/advisories/38915

http://secunia.com/advisories/38639

http://secunia.com/advisories/38547

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Details

Source: Mitre, NVD

Published: 2010-02-15

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.02923