CVE-2010-2162

HIGH

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/40144

http://secunia.com/advisories/40545

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://securitytracker.com/id?1024085

http://securitytracker.com/id?1024086

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/bulletins/apsb10-14.html

http://www.redhat.com/support/errata/RHSA-2010-0464.html

http://www.redhat.com/support/errata/RHSA-2010-0470.html

http://www.securityfocus.com/archive/1/511862/100/0/threaded

http://www.securityfocus.com/bid/40759

http://www.securityfocus.com/bid/40801

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

http://www.us-cert.gov/cas/techalerts/TA10-162A.html

http://www.vupen.com/english/advisories/2010/1421

http://www.vupen.com/english/advisories/2010/1432

http://www.vupen.com/english/advisories/2010/1434

http://www.vupen.com/english/advisories/2010/1453

http://www.vupen.com/english/advisories/2010/1482

http://www.vupen.com/english/advisories/2010/1522

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2011/0192

http://www.zerodayinitiative.com/advisories/ZDI-10-109

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166

Details

Source: MITRE

Published: 2010-06-15

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.0.45.2 (inclusive)

Configuration 3

OR

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.30.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.41.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.58.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* versions up to 1.5.3.9130 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
63936RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)NessusRed Hat Local Security Checks
high
63935RHEL 5 : flash-plugin (RHSA-2010:0464)NessusRed Hat Local Security Checks
high
51736SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)NessusSuSE Local Security Checks
high
51658GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50901SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)NessusSuSE Local Security Checks
high
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
47025FreeBSD : linux-flashplugin -- multiple vulnerabilities (144e524a-77eb-11df-ae06-001b2134ef46)NessusFreeBSD Local Security Checks
high
46881openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
46880openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
46879openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
5569Flash Player < 10.1.53.64 / 9.0.277.0 Multiple Vulnerabilities (APSB10-14)Nessus Network MonitorWeb Clients
medium
46859Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (ASPB10-14)NessusWindows
high
46858Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14)NessusWindows
high