CVE-2010-2188

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/40144

http://secunia.com/advisories/40545

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://securitytracker.com/id?1024085

http://securitytracker.com/id?1024086

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/bulletins/apsb10-14.html

http://www.adobe.com/support/security/bulletins/apsb10-16.html

http://www.redhat.com/support/errata/RHSA-2010-0464.html

http://www.redhat.com/support/errata/RHSA-2010-0470.html

http://www.securityfocus.com/archive/1/511924/100/0/threaded

http://www.securityfocus.com/bid/40759

http://www.securityfocus.com/bid/40798

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

http://www.us-cert.gov/cas/techalerts/TA10-162A.html

http://www.vupen.com/english/advisories/2010/1421

http://www.vupen.com/english/advisories/2010/1432

http://www.vupen.com/english/advisories/2010/1434

http://www.vupen.com/english/advisories/2010/1453

http://www.vupen.com/english/advisories/2010/1482

http://www.vupen.com/english/advisories/2010/1522

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2011/0192

http://www.zerodayinitiative.com/advisories/ZDI-10-111

https://exchange.xforce.ibmcloud.com/vulnerabilities/59337

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16271

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6946

Details

Source: MITRE

Published: 2010-06-15

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.0.45.2 (inclusive)

Configuration 3

OR

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.30.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.41.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0.58.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* versions up to 1.5.3.9130 (inclusive)

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
75491openSUSE Security Update : flash-player (openSUSE-SU-2010:0502-1)NessusSuSE Local Security Checks
high
75418openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
63936RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)NessusRed Hat Local Security Checks
high
63935RHEL 5 : flash-plugin (RHSA-2010:0464)NessusRed Hat Local Security Checks
high
51737SuSE 10 Security Update : flash-player (ZYPP Patch Number 7119)NessusSuSE Local Security Checks
high
51736SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)NessusSuSE Local Security Checks
high
51714SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)NessusSuSE Local Security Checks
high
51702SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)NessusSuSE Local Security Checks
high
51658GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50902SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2900 / 2901)NessusSuSE Local Security Checks
high
50901SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)NessusSuSE Local Security Checks
high
50887SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)NessusSuSE Local Security Checks
high
50883SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)NessusSuSE Local Security Checks
high
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
49084openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
49083openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
48375Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)NessusWindows
high
48374Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)NessusWindows
high
48333FreeBSD : linux-flashplugin -- multiple vulnerabilities (e19e74a4-a712-11df-b234-001b2134ef46)NessusFreeBSD Local Security Checks
high
48321openSUSE Security Update : flash-player (openSUSE-SU-2010:0502-1)NessusSuSE Local Security Checks
high
48320openSUSE Security Update : flash-player (openSUSE-SU-2010:0502-1)NessusSuSE Local Security Checks
high
5625Flash Player Multiple Vulnerabilities (APSB10-16)Nessus Network MonitorWeb Clients
medium
48300Flash Player < 9.0.280 / 10.1.82.76 Multiple Vulnerabilities (APSB10-16)NessusWindows
high
48299Adobe AIR < 2.0.3 Multiple Vulnerabilities (APSB10-16)NessusWindows
high
47025FreeBSD : linux-flashplugin -- multiple vulnerabilities (144e524a-77eb-11df-ae06-001b2134ef46)NessusFreeBSD Local Security Checks
high
46881openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
46880openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
46879openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)NessusSuSE Local Security Checks
high
5569Flash Player < 10.1.53.64 / 9.0.277.0 Multiple Vulnerabilities (APSB10-14)Nessus Network MonitorWeb Clients
medium