CVE-2010-3654

HIGH

Description

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1

http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html

http://secunia.com/advisories/41917

http://secunia.com/advisories/42030

http://secunia.com/advisories/42183

http://secunia.com/advisories/42401

http://secunia.com/advisories/42926

http://secunia.com/advisories/43025

http://secunia.com/advisories/43026

http://security.gentoo.org/glsa/glsa-201101-08.xml

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://securityreason.com/securityalert/8210

http://support.apple.com/kb/HT4435

http://www.adobe.com/support/security/advisories/apsa10-05.html

http://www.adobe.com/support/security/bulletins/apsb10-26.html

http://www.adobe.com/support/security/bulletins/apsb10-28.html

http://www.kb.cert.org/vuls/id/298081

http://www.redhat.com/support/errata/RHSA-2010-0829.html

http://www.redhat.com/support/errata/RHSA-2010-0834.html

http://www.redhat.com/support/errata/RHSA-2010-0867.html

http://www.redhat.com/support/errata/RHSA-2010-0934.html

http://www.securityfocus.com/bid/44504

http://www.securitytracker.com/id?1024659

http://www.securitytracker.com/id?1024660

http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt

http://www.vupen.com/english/advisories/2010/2903

http://www.vupen.com/english/advisories/2010/2906

http://www.vupen.com/english/advisories/2010/2918

http://www.vupen.com/english/advisories/2010/3111

http://www.vupen.com/english/advisories/2011/0173

http://www.vupen.com/english/advisories/2011/0191

http://www.vupen.com/english/advisories/2011/0192

http://www.vupen.com/english/advisories/2011/0344

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294

Details

Source: MITRE

Published: 2010-10-29

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
75493openSUSE Security Update : flash-player (flash-player-3474)NessusSuSE Local Security Checks
high
75420openSUSE Security Update : acroread (openSUSE-SU-2010:1030-1)NessusSuSE Local Security Checks
high
63957RHEL 4 : flash-plugin (RHSA-2010:0834)NessusRed Hat Local Security Checks
high
63956RHEL 5 : flash-plugin (RHSA-2010:0829)NessusRed Hat Local Security Checks
high
53718openSUSE Security Update : flash-player (flash-player-3474)NessusSuSE Local Security Checks
high
53692openSUSE Security Update : acroread (openSUSE-SU-2010:1030-1)NessusSuSE Local Security Checks
high
53658openSUSE Security Update : flash-player (flash-player-3474)NessusSuSE Local Security Checks
high
53651openSUSE Security Update : acroread (openSUSE-SU-2010:1030-1)NessusSuSE Local Security Checks
high
51739SuSE 10 Security Update : flash-player (ZYPP Patch Number 7223)NessusSuSE Local Security Checks
high
51716SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7267)NessusSuSE Local Security Checks
high
51704SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7266)NessusSuSE Local Security Checks
high
51658GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
51657GLSA-201101-08 : Adobe Reader: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
51087SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3638 / 3639)NessusSuSE Local Security Checks
high
51086SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3634 / 3636)NessusSuSE Local Security Checks
high
50904SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 3475 / 3477)NessusSuSE Local Security Checks
high
50869RHEL 4 / 5 / 6 : acroread (RHSA-2010:0934)NessusRed Hat Local Security Checks
high
50639RHEL 6 : flash-plugin (RHSA-2010:0867)NessusRed Hat Local Security Checks
high
50614Adobe Reader < 9.4.1 Multiple Vulnerabilities (APSB10-28)NessusWindows
high
50613Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28)NessusWindows
high
50604Adobe AIR < 2.5.1 Multiple Vulnerabilities (APSB10-26)NessusWindows
high
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
50505FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)NessusFreeBSD Local Security Checks
high
5699Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)Nessus Network MonitorWeb Clients
medium
50493Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)NessusWindows
high
50381Adobe Reader 9 <= 9.4 (APSA10-05)NessusWindows
high
50380Adobe Acrobat 9 <= 9.4 (APSA10-05)NessusWindows
high