CVE-2010-2179

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb10-14.html	Broken Link Patch Third Party Advisory Vendor Advisory
http://securitytracker.com/id?1024085	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/40759	Broken Link VDB Entry
http://securitytracker.com/id?1024086	Broken Link VDB Entry
http://www.redhat.com/support/errata/RHSA-2010-0470.html	Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0464.html	Broken Link Third Party Advisory
http://www.securityfocus.com/bid/40808	Broken Link VDB Entry
http://www.vupen.com/english/advisories/2010/1453	Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-162A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/1434	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1482	Broken Link
http://www.vupen.com/english/advisories/2010/1432	Broken Link
http://secunia.com/advisories/40144	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1421	Broken Link
http://www.vupen.com/english/advisories/2010/1522	Broken Link
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt	Broken Link
http://secunia.com/advisories/40545	Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1793	Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Third Party Advisory
http://support.apple.com/kb/HT4435	Broken Link
http://security.gentoo.org/glsa/glsa-201101-09.xml	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0192	Broken Link
http://secunia.com/advisories/43026	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/59328	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126	Broken Link

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::

OR	cpe:2.3:a:google:chrome:-:::::::*
	cpe:2.3:a:mozilla:firefox:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:google:chrome:-:::::::*
	cpe:2.3:a:mozilla:firefox:-:::::::*

Information

Published : 2010-06-15 11:00

Updated : 2022-09-15 06:29

NVD link : CVE-2010-2179

Mitre link : CVE-2010-2179

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

mozilla

firefox

adobe

air
flash_player

google

chrome

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "tags": ["Broken Link", "Patch", "Third Party Advisory", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1024085", "name": "1024085", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/40759", "name": "40759", "tags": ["Broken Link", "VDB Entry"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1024086", "name": "1024086", "tags": ["Broken Link", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html", "name": "RHSA-2010:0470", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html", "name": "RHSA-2010:0464", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/40808", "name": "40808", "tags": ["Broken Link", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2010/1453", "name": "ADV-2010-1453", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html", "name": "TA10-162A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.vupen.com/english/advisories/2010/1434", "name": "ADV-2010-1434", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html", "name": "SUSE-SA:2010:024", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2010/1482", "name": "ADV-2010-1482", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2010/1432", "name": "ADV-2010-1432", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/40144", "name": "40144", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "name": "SUSE-SR:2010:013", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2010/1421", "name": "ADV-2010-1421", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2010/1522", "name": "ADV-2010-1522", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt", "name": "TLSA-2010-19", "tags": ["Broken Link"], "refsource": "TURBO"}, {"url": "http://secunia.com/advisories/40545", "name": "40545", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "name": "SSRT100179", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2010/1793", "name": "ADV-2010-1793", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "name": "APPLE-SA-2010-11-10-1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT4435", "name": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml", "name": "GLSA-201101-09", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.vupen.com/english/advisories/2011/0192", "name": "ADV-2011-0192", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43026", "name": "43026", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59328", "name": "adobe-player-air-url-xss(59328)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126", "name": "oval:org.mitre.oval:def:7126", "tags": ["Broken Link"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2179", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-06-15T18:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.277.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.1.53.64", "versionStartIncluding": "10.0.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.2.12610"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-09-15T13:29Z"}

4.3 /10