Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player < 9.0.289 / Multiple Vulnerabilities (APSB10-26)



The remote host contains a browser plugin that is vulnerable to multiple attack vectors.


The remote host has Adobe Flash Player installed. Versions of Flash Player 9.x earlier than 9.0.289 and 10.x earlier than are potentially affected by multiple vulnerabilities :

- A memory corruption vulnerability exists that could lead to code execution. Note that there are reports that this is being actively exploited in the wild. (CVE-2010-3654) - An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636) - A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637) - An unspecified information disclosure vulnerability exists. Note that this issue only affects Flash Player on Safari. (CVE-2010-3638) - An unspecified issue exists which could lead to a denial-of-service or potentially arbitrary code execution. (CVE-2010-3639) - Multiple memory corruption issues exists that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) - A library-loading vulnerability could lead to code execution. (CVE-2010-3639)


Upgrade to Flash Player / 9.0.289 or later.