CVE-2010-3976
First published: Tue Oct 19 2010(Updated: )
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=9.0.277.0 | |
| Macromedia Flash Player | =9.0.16 | |
| Macromedia Flash Player | =9.0.18d60 | |
| Macromedia Flash Player | =9.0.20 | |
| Macromedia Flash Player | =9.0.20.0 | |
| Macromedia Flash Player | =9.0.28 | |
| Macromedia Flash Player | =9.0.28.0 | |
| Macromedia Flash Player | =9.0.31 | |
| Macromedia Flash Player | =9.0.31.0 | |
| Macromedia Flash Player | =9.0.45.0 | |
| Macromedia Flash Player | =9.0.47.0 | |
| Macromedia Flash Player | =9.0.48.0 | |
| Macromedia Flash Player | =9.0.112.0 | |
| Macromedia Flash Player | =9.0.114.0 | |
| Macromedia Flash Player | =9.0.115.0 | |
| Macromedia Flash Player | =9.0.124.0 | |
| Macromedia Flash Player | =9.0.125.0 | |
| Macromedia Flash Player | =9.0.151.0 | |
| Macromedia Flash Player | =9.0.152.0 | |
| Macromedia Flash Player | =9.0.155.0 | |
| Macromedia Flash Player | =9.0.159.0 | |
| Macromedia Flash Player | =9.0.246.0 | |
| Macromedia Flash Player | =9.0.260.0 | |
| Macromedia Flash Player | =9.0.262.0 | |
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=10.1.92.10 | |
| Macromedia Flash Player | =10.0.0.584 | |
| Macromedia Flash Player | =10.0.12.10 | |
| Macromedia Flash Player | =10.0.12.36 | |
| Macromedia Flash Player | =10.0.15.3 | |
| Macromedia Flash Player | =10.0.22.87 | |
| Macromedia Flash Player | =10.0.32.18 | |
| Macromedia Flash Player | =10.0.42.34 | |
| Macromedia Flash Player | =10.0.45.2 | |
| Macromedia Flash Player | =10.1.52.14.1 | |
| Macromedia Flash Player | =10.1.52.15 | |
| Macromedia Flash Player | =10.1.53.64 | |
| Macromedia Flash Player | =10.1.82.76 | |
| Macromedia Flash Player | =10.1.85.3 | |
| Macromedia Flash Player | =10.1.92.8 | |
| Macromedia Flash Player | =10.1.95.1 | |
| Macromedia Flash Player | =10.1.95.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html
- http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
- http://www.securityfocus.com/bid/44671
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://www.vupen.com/english/advisories/2010/2903
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://www.vupen.com/english/advisories/2011/0192
- http://secunia.com/advisories/43026
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926
- http://www.securityfocus.com/archive/1/514653/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-3976?
CVE-2010-3976 is classified as a critical vulnerability due to its ability to allow arbitrary code execution through DLL hijacking.
How do I fix CVE-2010-3976?
To fix CVE-2010-3976, users should update Adobe Flash Player to the latest version that is not affected by this vulnerability.
What systems are affected by CVE-2010-3976?
CVE-2010-3976 affects Adobe Flash Player versions prior to 9.0.289.0 and 10.x versions before 10.1.102.64 running on Windows.
Can CVE-2010-3976 be exploited remotely?
Yes, CVE-2010-3976 can potentially be exploited by remote attackers if a user opens a malicious file.
What type of attacks can CVE-2010-3976 facilitate?
CVE-2010-3976 can facilitate DLL hijacking attacks, allowing attackers to execute arbitrary code on the affected machine.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/9.0.277.0
- version/macromedia flash player/9.0.16
- version/macromedia flash player/9.0.18d60
- version/macromedia flash player/9.0.20
- version/macromedia flash player/9.0.20.0
- version/macromedia flash player/9.0.28
- version/macromedia flash player/9.0.28.0
- version/macromedia flash player/9.0.31
- version/macromedia flash player/9.0.31.0
- version/macromedia flash player/9.0.45.0
- version/macromedia flash player/9.0.47.0
- version/macromedia flash player/9.0.48.0
- version/macromedia flash player/9.0.112.0
- version/macromedia flash player/9.0.114.0
- version/macromedia flash player/9.0.115.0
- version/macromedia flash player/9.0.124.0
- version/macromedia flash player/9.0.125.0
- version/macromedia flash player/9.0.151.0
- version/macromedia flash player/9.0.152.0
- version/macromedia flash player/9.0.155.0
- version/macromedia flash player/9.0.159.0
- version/macromedia flash player/9.0.246.0
- version/macromedia flash player/9.0.260.0
- version/macromedia flash player/9.0.262.0
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/10.1.92.10
- version/macromedia flash player/10.0.0.584
- version/macromedia flash player/10.0.12.10
- version/macromedia flash player/10.0.12.36
- version/macromedia flash player/10.0.15.3
- version/macromedia flash player/10.0.22.87
- version/macromedia flash player/10.0.32.18
- version/macromedia flash player/10.0.42.34
- version/macromedia flash player/10.0.45.2
- version/macromedia flash player/10.1.52.14.1
- version/macromedia flash player/10.1.52.15
- version/macromedia flash player/10.1.53.64
- version/macromedia flash player/10.1.82.76
- version/macromedia flash player/10.1.85.3
- version/macromedia flash player/10.1.92.8
- version/macromedia flash player/10.1.95.1
- version/macromedia flash player/10.1.95.2