CVE-2010-3636

High

Description

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142

http://www.vupen.com/english/advisories/2011/0192

http://www.vupen.com/english/advisories/2011/0173

http://www.vupen.com/english/advisories/2010/2918

http://www.vupen.com/english/advisories/2010/2906

http://www.vupen.com/english/advisories/2010/2903

http://www.securityfocus.com/bid/44691

http://www.redhat.com/support/errata/RHSA-2010-0867.html

http://www.redhat.com/support/errata/RHSA-2010-0834.html

http://www.redhat.com/support/errata/RHSA-2010-0829.html

http://www.adobe.com/support/security/bulletins/apsb10-26.html

http://support.apple.com/kb/HT4435

http://security.gentoo.org/glsa/glsa-201101-09.xml

http://secunia.com/advisories/43026

http://secunia.com/advisories/42926

http://secunia.com/advisories/42183

http://marc.info/?l=bugtraq&m=130331642631603&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html

http://jvn.jp/en/jp/JVN48425028/index.html

Details

Source: Mitre, NVD

Published: 2010-11-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High