CVE-2010-3636

Sažetak

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
http://jvn.jp/en/jp/JVN48425028/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://secunia.com/advisories/42183
http://secunia.com/advisories/42926
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://support.apple.com/kb/HT4435
http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.redhat.com/support/errata/RHSA-2010-0829.html
http://www.redhat.com/support/errata/RHSA-2010-0834.html
http://www.redhat.com/support/errata/RHSA-2010-0867.html
http://www.securityfocus.com/bid/44691
http://www.vupen.com/english/advisories/2010/2903
http://www.vupen.com/english/advisories/2010/2906
http://www.vupen.com/english/advisories/2010/2918
http://www.vupen.com/english/advisories/2011/0173
http://www.vupen.com/english/advisories/2011/0192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-05-2024 - 17:27

Objavljeno

07-11-2010 - 22:00