CVE-2010-3636

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb10-26.html	Patch Vendor Advisory
http://support.apple.com/kb/HT4435	Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/44691	Third Party Advisory VDB Entry
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/2918	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0834.html	Third Party Advisory
http://secunia.com/advisories/42183	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0829.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2903	Third Party Advisory
http://jvn.jp/en/jp/JVN48425028/index.html	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/2906	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0867.html	Third Party Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1	Broken Link
http://secunia.com/advisories/42926	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201101-09.xml	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0173	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html	Third Party Advisory
http://secunia.com/advisories/43026	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0192	Third Party Advisory
http://marc.info/?l=bugtraq&m=130331642631603&w=2	Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:sun:solaris:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Information

Published : 2010-11-07 14:00

Updated : 2019-10-09 16:01

NVD link : CVE-2010-3636

Mitre link : CVE-2010-3636

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

google

android

microsoft

windows

sun

solaris

linux

linux

apple

mac_os_x

adobe

flash_player

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://support.apple.com/kb/HT4435", "name": "http://support.apple.com/kb/HT4435", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "name": "APPLE-SA-2010-11-10-1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://www.securityfocus.com/bid/44691", "name": "44691", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html", "name": "JVNDB-2010-000054", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "JVNDB"}, {"url": "http://www.vupen.com/english/advisories/2010/2918", "name": "ADV-2010-2918", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html", "name": "RHSA-2010:0834", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/42183", "name": "42183", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html", "name": "RHSA-2010:0829", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2010/2903", "name": "ADV-2010-2903", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://jvn.jp/en/jp/JVN48425028/index.html", "name": "JVN#48425028", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "JVN"}, {"url": "http://www.vupen.com/english/advisories/2010/2906", "name": "ADV-2010-2906", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html", "name": "RHSA-2010:0867", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/42926", "name": "42926", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml", "name": "GLSA-201101-09", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.vupen.com/english/advisories/2011/0173", "name": "ADV-2011-0173", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html", "name": "SUSE-SA:2010:055", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/43026", "name": "43026", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0192", "name": "ADV-2011-0192", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2", "name": "SSRT100428", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913", "name": "oval:org.mitre.oval:def:15913", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142", "name": "oval:org.mitre.oval:def:12142", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3636", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-11-07T22:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0"}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.1.95.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:01Z"}

9.3 /10