CVE-2010-3636

High

Description

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1

http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html

http://jvn.jp/en/jp/JVN48425028/index.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

http://marc.info/?l=bugtraq&m=130331642631603&w=2

http://secunia.com/advisories/42183

http://secunia.com/advisories/42926

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-09.xml

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/bulletins/apsb10-26.html

http://www.redhat.com/support/errata/RHSA-2010-0829.html

http://www.redhat.com/support/errata/RHSA-2010-0834.html

http://www.redhat.com/support/errata/RHSA-2010-0867.html

http://www.vupen.com/english/advisories/2010/2903

http://www.vupen.com/english/advisories/2010/2906

http://www.vupen.com/english/advisories/2010/2918

http://www.vupen.com/english/advisories/2011/0173

http://www.vupen.com/english/advisories/2011/0192

Details

Published: 2010-11-07

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High