CVE-2010-2215

MEDIUM

Description

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://marc.info/?l=bugtraq&m=128767780602751&w=2

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/bulletins/apsb10-16.html

http://www.securityfocus.com/bid/42361

http://www.securitytracker.com/id?1024621

http://www.vupen.com/english/advisories/2011/0192

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11532

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16192

Details

Source: MITRE

Published: 2010-08-11

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.1.53.64 (inclusive)

cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:10.0.15.3:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
75418openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
63945RHEL 3 / 4 : flash-plugin (RHSA-2010:0624)NessusRed Hat Local Security Checks
high
63944RHEL 5 : flash-plugin (RHSA-2010:0623)NessusRed Hat Local Security Checks
high
51714SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)NessusSuSE Local Security Checks
high
51702SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)NessusSuSE Local Security Checks
high
51658GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50887SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)NessusSuSE Local Security Checks
high
50883SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)NessusSuSE Local Security Checks
high
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
49084openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
49083openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)NessusSuSE Local Security Checks
high
48400RHEL 4 / 5 : acroread (RHSA-2010:0636)NessusRed Hat Local Security Checks
high
48375Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)NessusWindows
high
48374Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)NessusWindows
high
48333FreeBSD : linux-flashplugin -- multiple vulnerabilities (e19e74a4-a712-11df-b234-001b2134ef46)NessusFreeBSD Local Security Checks
high
5625Flash Player Multiple Vulnerabilities (APSB10-16)Nessus Network MonitorWeb Clients
medium
48300Flash Player < 9.0.280 / 10.1.82.76 Multiple Vulnerabilities (APSB10-16)NessusWindows
high
48299Adobe AIR < 2.0.3 Multiple Vulnerabilities (APSB10-16)NessusWindows
high