CVE-2010-2215

MEDIUM

Description

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://marc.info/?l=bugtraq&m=128767780602751&w=2

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/bulletins/apsb10-16.html

http://www.securityfocus.com/bid/42361

http://www.securitytracker.com/id?1024621

http://www.vupen.com/english/advisories/2011/0192

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11532

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16192

Details

Source: MITRE

Published: 2010-08-11

Updated: 2018-10-30

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.1.53.64 (inclusive)

cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:10.0.15.3:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
75418	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
63945	RHEL 3 / 4 : flash-plugin (RHSA-2010:0624)	Nessus	Red Hat Local Security Checks	high
63944	RHEL 5 : flash-plugin (RHSA-2010:0623)	Nessus	Red Hat Local Security Checks	high
51714	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)	Nessus	SuSE Local Security Checks	high
51702	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)	Nessus	SuSE Local Security Checks	high
51658	GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50887	SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)	Nessus	SuSE Local Security Checks	high
50883	SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)	Nessus	SuSE Local Security Checks	high
800791	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	high
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
49084	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
49083	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
48400	RHEL 4 / 5 : acroread (RHSA-2010:0636)	Nessus	Red Hat Local Security Checks	high
48375	Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)	Nessus	Windows	high
48374	Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)	Nessus	Windows	high
48333	FreeBSD : linux-flashplugin -- multiple vulnerabilities (e19e74a4-a712-11df-b234-001b2134ef46)	Nessus	FreeBSD Local Security Checks	high
5625	Flash Player Multiple Vulnerabilities (APSB10-16)	Nessus Network Monitor	Web Clients	medium
48300	Flash Player < 9.0.280 / 10.1.82.76 Multiple Vulnerabilities (APSB10-16)	Nessus	Windows	high
48299	Adobe AIR < 2.0.3 Multiple Vulnerabilities (APSB10-16)	Nessus	Windows	high