CVE-2010-3636
First published: Sun Nov 07 2010(Updated: )
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=9.0<9.0.289.0 | |
| Macromedia Flash Player | >=10.0<10.1.102.64 | |
| Apple iOS and macOS | ||
| Linux | ||
| Microsoft Windows | ||
| Oracle Solaris SPARC | ||
| Macromedia Flash Player | <=10.1.95.1 | |
| Android | ||
| All of | ||
| Any of | ||
| Macromedia Flash Player | >=9.0<9.0.289.0 | |
| Macromedia Flash Player | >=10.0<10.1.102.64 | |
| Any of | ||
| Apple iOS and macOS | ||
| Linux kernel | ||
| Microsoft Windows | ||
| Oracle Solaris SPARC | ||
| All of | ||
| Macromedia Flash Player | <=10.1.95.1 | |
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://www.securityfocus.com/bid/44691
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
- http://www.vupen.com/english/advisories/2010/2918
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://secunia.com/advisories/42183
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- http://www.vupen.com/english/advisories/2010/2903
- http://jvn.jp/en/jp/JVN48425028/index.html
- http://www.vupen.com/english/advisories/2010/2906
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://secunia.com/advisories/42926
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://www.vupen.com/english/advisories/2011/0173
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://secunia.com/advisories/43026
- http://www.vupen.com/english/advisories/2011/0192
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
Frequently Asked Questions
What is the severity of CVE-2010-3636?
CVE-2010-3636 has a medium severity rating due to its potential for allowing remote web servers to bypass access restrictions.
How do I fix CVE-2010-3636?
To fix CVE-2010-3636, users should update Adobe Flash Player to version 10.1.102.64 or later.
What versions of Adobe Flash Player are affected by CVE-2010-3636?
CVE-2010-3636 affects Adobe Flash Player versions before 9.0.289.0 and those in the 10.x series earlier than 10.1.102.64.
Which operating systems are impacted by CVE-2010-3636?
CVE-2010-3636 impacts multiple operating systems including Windows, Mac OS X, Linux, and Solaris.
Are any mobile versions of Adobe Flash Player vulnerable to CVE-2010-3636?
Yes, Adobe Flash Player version 10.1.95.1 on Android is also affected by CVE-2010-3636.
- collector/nvd-historical
- agent/first-publish-date
- agent/event
- agent/type
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/9.0
- version/macromedia flash player/10.0
- vendor/apple
- canonical/apple ios and macos
- vendor/linux
- canonical/linux
- vendor/microsoft
- canonical/microsoft windows
- vendor/sun
- canonical/oracle solaris sparc
- version/macromedia flash player/10.1.95.1
- vendor/google
- canonical/android
- canonical/linux kernel