CVE-2010-2884

HIGH

Description

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://secunia.com/advisories/41434

http://secunia.com/advisories/41435

http://secunia.com/advisories/41443

http://secunia.com/advisories/41526

http://secunia.com/advisories/43025

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-08.xml

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/advisories/apsa10-03.html

http://www.adobe.com/support/security/bulletins/apsb10-21.html

http://www.adobe.com/support/security/bulletins/apsb10-22.html

http://www.kb.cert.org/vuls/id/275289

http://www.redhat.com/support/errata/RHSA-2010-0706.html

http://www.redhat.com/support/errata/RHSA-2010-0743.html

http://www.us-cert.gov/cas/techalerts/TA10-263A.html

http://www.us-cert.gov/cas/techalerts/TA10-279A.html

http://www.vupen.com/english/advisories/2010/2348

http://www.vupen.com/english/advisories/2010/2349

http://www.vupen.com/english/advisories/2011/0191

http://www.vupen.com/english/advisories/2011/0192

https://exchange.xforce.ibmcloud.com/vulnerabilities/61771

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6852

Details

Source: MITRE

Published: 2010-09-15

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.1.82.76 (inclusive)

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.3.4 (inclusive)

Configuration 4

AND

OR

cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
75492openSUSE Security Update : flash-player (openSUSE-SU-2010:0647-1)NessusSuSE Local Security Checks
high
75419openSUSE Security Update : acroread (openSUSE-SU-2010:0706-1)NessusSuSE Local Security Checks
high
51738SuSE 10 Security Update : flash-player (ZYPP Patch Number 7165)NessusSuSE Local Security Checks
high
51715SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7182)NessusSuSE Local Security Checks
high
51703SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7181)NessusSuSE Local Security Checks
high
51658GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
51657GLSA-201101-08 : Adobe Reader: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50903SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 3155 / 3157)NessusSuSE Local Security Checks
high
50888SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3272 / 3273)NessusSuSE Local Security Checks
high
50884SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3268 / 3270)NessusSuSE Local Security Checks
high
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
49825openSUSE Security Update : acroread (openSUSE-SU-2010:0706-1)NessusSuSE Local Security Checks
high
49824openSUSE Security Update : acroread (openSUSE-SU-2010:0706-1)NessusSuSE Local Security Checks
high
49786RHEL 4 / 5 : acroread (RHSA-2010:0743)NessusRed Hat Local Security Checks
high
49652FreeBSD : linux-flashplugin -- remote code execution (8a34d9e6-c662-11df-b2e1-001b2134ef46)NessusFreeBSD Local Security Checks
high
49642openSUSE Security Update : flash-player (openSUSE-SU-2010:0647-1)NessusSuSE Local Security Checks
high
49641openSUSE Security Update : flash-player (openSUSE-SU-2010:0647-1)NessusSuSE Local Security Checks
high
49640RHEL 3 / 4 / 5 : flash-plugin (RHSA-2010:0706)NessusRed Hat Local Security Checks
high
49307Flash Player < 9.0.283 / 10.1.85.3 Unspecified Code Execution (APSB10-22)NessusWindows
high
800902Google Chrome < 6.0.472.62 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5670Flash Player Unspecified Code Execution (APSB10-22)Nessus Network MonitorWeb Clients
medium
5669Google Chrome < 6.0.472.62 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
49173Adobe Reader < 9.4 / 8.2.5 Multiple Vulnerabilities (APSB10-21)NessusWindows
high
49172Adobe Acrobat < 9.4 / 8.2.5 Multiple Vulnerabilities (APSB10-21)NessusWindows
high