CVE-2010-2188: Buffer Overflow
First published: Tue Jun 15 2010(Updated: )
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | =9.0.16 | |
| Macromedia Flash Player | =9.0.20 | |
| Macromedia Flash Player | =9.0.20.0 | |
| Macromedia Flash Player | =9.0.28 | |
| Macromedia Flash Player | =9.0.28.0 | |
| Macromedia Flash Player | =9.0.31 | |
| Macromedia Flash Player | =9.0.31.0 | |
| Macromedia Flash Player | =9.0.45.0 | |
| Macromedia Flash Player | =9.0.47.0 | |
| Macromedia Flash Player | =9.0.48.0 | |
| Macromedia Flash Player | =9.0.115.0 | |
| Macromedia Flash Player | =9.0.124.0 | |
| Macromedia Flash Player | =9.0.125.0 | |
| Macromedia Flash Player | =9.0.151.0 | |
| Macromedia Flash Player | =9.0.152.0 | |
| Macromedia Flash Player | =9.0.159.0 | |
| Macromedia Flash Player | =9.0.246.0 | |
| Macromedia Flash Player | =9.0.260.0 | |
| Macromedia Flash Player | =9.0.262.0 | |
| Macromedia Flash Player | <=10.0.45.2 | |
| Macromedia Flash Player | =10.0.0.584 | |
| Macromedia Flash Player | =10.0.12.10 | |
| Macromedia Flash Player | =10.0.12.36 | |
| Macromedia Flash Player | =10.0.15.3 | |
| Macromedia Flash Player | =10.0.22.87 | |
| Macromedia Flash Player | =10.0.32.18 | |
| Macromedia Flash Player | =10.0.42.34 | |
| Macromedia Flash Player | =6.0.79 | |
| Macromedia Flash Player | =7.0 | |
| Macromedia Flash Player | =7.0.1 | |
| Macromedia Flash Player | =7.0.14.0 | |
| Macromedia Flash Player | =7.0.19.0 | |
| Macromedia Flash Player | =7.0.24.0 | |
| Macromedia Flash Player | =7.0.25 | |
| Macromedia Flash Player | =7.0.53.0 | |
| Macromedia Flash Player | =7.0.60.0 | |
| Macromedia Flash Player | =7.0.61.0 | |
| Macromedia Flash Player | =7.0.63 | |
| Macromedia Flash Player | =7.0.66.0 | |
| Macromedia Flash Player | =7.0.67.0 | |
| Macromedia Flash Player | =7.0.68.0 | |
| Macromedia Flash Player | =7.0.69.0 | |
| Macromedia Flash Player | =7.0.70.0 | |
| Macromedia Flash Player | =7.0.73.0 | |
| Macromedia Flash Player | =7.1 | |
| Macromedia Flash Player | =7.1.1 | |
| Macromedia Flash Player | =7.2 | |
| Macromedia Flash Player | =8.0 | |
| Macromedia Flash Player | =8.0.22.0 | |
| Macromedia Flash Player | =8.0.24.0 | |
| Macromedia Flash Player | =8.0.33.0 | |
| Macromedia Flash Player | =8.0.34.0 | |
| Macromedia Flash Player | =8.0.35.0 | |
| Macromedia Flash Player | =8.0.39.0 | |
| Macromedia Flash Player | =8.0.42.0 | |
| Adobe Flash Player | =5.0 | |
| Adobe Flash Player | =5.0.30.0 | |
| Adobe Flash Player | =5.0.41.0 | |
| Adobe Flash Player | =5.0.42.0 | |
| Adobe Flash Player | =5.0.58.0 | |
| Adobe | <=1.5.3.9130 | |
| Adobe | =1.0 | |
| Adobe | =1.1 | |
| Adobe | =1.5 | |
| Adobe | =1.5.1 | |
| Adobe | =1.5.2 | |
| Adobe | =1.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40759
- http://securitytracker.com/id?1024085
- http://www.adobe.com/support/security/bulletins/apsb10-14.html
- http://securitytracker.com/id?1024086
- http://www.redhat.com/support/errata/RHSA-2010-0464.html
- http://www.redhat.com/support/errata/RHSA-2010-0470.html
- http://www.securityfocus.com/bid/40798
- http://www.us-cert.gov/cas/techalerts/TA10-162A.html
- http://www.vupen.com/english/advisories/2010/1453
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
- http://www.vupen.com/english/advisories/2010/1421
- http://www.vupen.com/english/advisories/2010/1432
- http://www.vupen.com/english/advisories/2010/1434
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://www.vupen.com/english/advisories/2010/1482
- http://secunia.com/advisories/40144
- http://www.vupen.com/english/advisories/2010/1522
- http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
- http://www.zerodayinitiative.com/advisories/ZDI-10-111
- http://secunia.com/advisories/40545
- http://www.vupen.com/english/advisories/2010/1793
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://www.adobe.com/support/security/bulletins/apsb10-16.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://support.apple.com/kb/HT4435
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://secunia.com/advisories/43026
- http://www.vupen.com/english/advisories/2011/0192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59337
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6946
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16271
- http://www.securityfocus.com/archive/1/511924/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-2188?
CVE-2010-2188 has been classified as a high severity vulnerability due to its potential to cause denial of service and allow arbitrary code execution.
How do I fix CVE-2010-2188?
To fix CVE-2010-2188, users should upgrade to Adobe Flash Player version 10.1.53.64 or later, or Adobe AIR version 2.0.2.12610 or later.
What systems are affected by CVE-2010-2188?
CVE-2010-2188 affects Adobe Flash Player versions prior to 9.0.277.0 and 10.x before 10.1.53.64, as well as Adobe AIR before version 2.0.2.12610.
Can CVE-2010-2188 lead to data loss?
Yes, exploitation of CVE-2010-2188 can potentially lead to memory corruption which may cause data loss.
Is it safe to use older versions of Adobe Flash Player with CVE-2010-2188?
Using older versions of Adobe Flash Player with CVE-2010-2188 is not safe as they are vulnerable to denial of service and arbitrary code execution.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/9.0.16
- version/macromedia flash player/9.0.20
- version/macromedia flash player/9.0.20.0
- version/macromedia flash player/9.0.28
- version/macromedia flash player/9.0.28.0
- version/macromedia flash player/9.0.31
- version/macromedia flash player/9.0.31.0
- version/macromedia flash player/9.0.45.0
- version/macromedia flash player/9.0.47.0
- version/macromedia flash player/9.0.48.0
- version/macromedia flash player/9.0.115.0
- version/macromedia flash player/9.0.124.0
- version/macromedia flash player/9.0.125.0
- version/macromedia flash player/9.0.151.0
- version/macromedia flash player/9.0.152.0
- version/macromedia flash player/9.0.159.0
- version/macromedia flash player/9.0.246.0
- version/macromedia flash player/9.0.260.0
- version/macromedia flash player/9.0.262.0
- version/macromedia flash player/10.0.45.2
- version/macromedia flash player/10.0.0.584
- version/macromedia flash player/10.0.12.10
- version/macromedia flash player/10.0.12.36
- version/macromedia flash player/10.0.15.3
- version/macromedia flash player/10.0.22.87
- version/macromedia flash player/10.0.32.18
- version/macromedia flash player/10.0.42.34
- version/macromedia flash player/6.0.79
- version/macromedia flash player/7.0
- version/macromedia flash player/7.0.1
- version/macromedia flash player/7.0.14.0
- version/macromedia flash player/7.0.19.0
- version/macromedia flash player/7.0.24.0
- version/macromedia flash player/7.0.25
- version/macromedia flash player/7.0.53.0
- version/macromedia flash player/7.0.60.0
- version/macromedia flash player/7.0.61.0
- version/macromedia flash player/7.0.63
- version/macromedia flash player/7.0.66.0
- version/macromedia flash player/7.0.67.0
- version/macromedia flash player/7.0.68.0
- version/macromedia flash player/7.0.69.0
- version/macromedia flash player/7.0.70.0
- version/macromedia flash player/7.0.73.0
- version/macromedia flash player/7.1
- version/macromedia flash player/7.1.1
- version/macromedia flash player/7.2
- version/macromedia flash player/8.0
- version/macromedia flash player/8.0.22.0
- version/macromedia flash player/8.0.24.0
- version/macromedia flash player/8.0.33.0
- version/macromedia flash player/8.0.34.0
- version/macromedia flash player/8.0.35.0
- version/macromedia flash player/8.0.39.0
- version/macromedia flash player/8.0.42.0
- vendor/macromedia
- canonical/adobe flash player
- version/adobe flash player/5.0
- version/adobe flash player/5.0.30.0
- version/adobe flash player/5.0.41.0
- version/adobe flash player/5.0.42.0
- version/adobe flash player/5.0.58.0
- canonical/adobe
- version/adobe/1.5.3.9130
- version/adobe/1.0
- version/adobe/1.1
- version/adobe/1.5
- version/adobe/1.5.1
- version/adobe/1.5.2
- version/adobe/1.5.3