CVE-2010-3636
First published: Sun Nov 07 2010(Updated: )
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player | >=9.0<9.0.289.0 | |
| Adobe Flash Player | >=10.0<10.1.102.64 | |
| Apple Mac OS X | ||
| Linux Linux | ||
| Microsoft Windows | ||
| Sun Solaris | ||
| Adobe Flash Player | <=10.1.95.1 | |
| Google Android | ||
| All of | ||
| Any of | ||
| Adobe Flash Player | >=9.0<9.0.289.0 | |
| Adobe Flash Player | >=10.0<10.1.102.64 | |
| Any of | ||
| Apple Mac OS X | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Sun Solaris | ||
| All of | ||
| Adobe Flash Player | <=10.1.95.1 | |
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://www.securityfocus.com/bid/44691
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
- http://www.vupen.com/english/advisories/2010/2918
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://secunia.com/advisories/42183
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- http://www.vupen.com/english/advisories/2010/2903
- http://jvn.jp/en/jp/JVN48425028/index.html
- http://www.vupen.com/english/advisories/2010/2906
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://secunia.com/advisories/42926
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://www.vupen.com/english/advisories/2011/0173
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://secunia.com/advisories/43026
- http://www.vupen.com/english/advisories/2011/0192
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
- collector/nvd-historical
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- agent/event
- agent/type
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/9.0
- version/adobe flash player/10.0
- vendor/apple
- canonical/apple mac os x
- vendor/linux
- canonical/linux linux
- vendor/microsoft
- canonical/microsoft windows
- vendor/sun
- canonical/sun solaris
- version/adobe flash player/10.1.95.1
- vendor/google
- canonical/google android
- canonical/linux linux kernel