Executive Summary
Summary | |
---|---|
Title | flash-plugin security update |
Information | |||
---|---|---|---|
Name | RHSA-2010:0624 | First vendor Publication | 2010-08-11 |
Vendor | RedHat | Last vendor Modification | 2010-08-11 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-16, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2216)

A clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2010-2215)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.280.0.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622947 - CVE-2010-0209 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215 CVE-2010-2216 flash-plugin: multiple security flaws (APSB10-16)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0624.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10983 | |||
Oval ID: | oval:org.mitre.oval:def:10983 | ||
Title: | Adobe Flash Player and AIR Unspecified Multiple Memory Corruption Vulnerabilities | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2213 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:11461 | |||
Oval ID: | oval:org.mitre.oval:def:11461 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0209 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:11532 | |||
Oval ID: | oval:org.mitre.oval:def:11532 | ||
Title: | Adobe Flash Player and AIR Unspecified Click-jacking Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2215 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:11971 | |||
Oval ID: | oval:org.mitre.oval:def:11971 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2214 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:11977 | |||
Oval ID: | oval:org.mitre.oval:def:11977 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2216 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:15966 | |||
Oval ID: | oval:org.mitre.oval:def:15966 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216. | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2010-2214 | Version: | 3 |
Platform(s): | Apple Mac OS X | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:16020 | |||
Oval ID: | oval:org.mitre.oval:def:16020 | ||
Title: | Adobe Flash Player and AIR Unspecified Multiple Memory Corruption Vulnerabilities | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216. | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2010-2213 | Version: | 3 |
Platform(s): | Apple Mac OS X | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:16106 | |||
Oval ID: | oval:org.mitre.oval:def:16106 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216. | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2010-0209 | Version: | 3 |
Platform(s): | Apple Mac OS X | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:16177 | |||
Oval ID: | oval:org.mitre.oval:def:16177 | ||
Title: | Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2010-2216 | Version: | 3 |
Platform(s): | Apple Mac OS X | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:16192 | |||
Oval ID: | oval:org.mitre.oval:def:16192 | ||
Title: | Adobe Flash Player and AIR Unspecified Click-jacking Vulnerability | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue. | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2010-2215 | Version: | 3 |
Platform(s): | Apple Mac OS X | Product(s): | Adobe Flash Player Adobe AIR |
Definition Id: oval:org.mitre.oval:def:22378 | |||
Oval ID: | oval:org.mitre.oval:def:22378 | ||
Title: | RHSA-2010:0623: flash-plugin security update (Critical) | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0623-01 CVE-2010-0209 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215 CVE-2010-2216 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | flash-plugin |
Definition Id: oval:org.mitre.oval:def:22822 | |||
Oval ID: | oval:org.mitre.oval:def:22822 | ||
Title: | ELSA-2010:0623: flash-plugin security update (Critical) | ||
Description: | Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0623-01 CVE-2010-0209 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215 CVE-2010-2216 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | flash-plugin |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash) File : nvt/glsa_201101_09.nasl |
2010-09-10 | Name : SuSE Update for acroread SUSE-SA:2010:037 File : nvt/gb_suse_2010_037.nasl |
2010-08-21 | Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin9.nasl |
2010-08-16 | Name : Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux) File : nvt/gb_adobe_prdts_mult_dos_vuln_aug10_lin.nasl |
2010-08-16 | Name : Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win) File : nvt/gb_adobe_prdts_mult_dos_vuln_aug10_win.nasl |
2010-08-16 | Name : SuSE Update for flash-player SUSE-SA:2010:034 File : nvt/gb_suse_2010_034.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67062 | Adobe Flash Player Unspecified Memory Corruption (2010-2213) |
67061 | Adobe Flash Player Unspecified Memory Corruption (2010-2214) |
67060 | Adobe Flash Player Unspecified Clickjacking (2010-2215) |
67059 | Adobe Flash Player Multiple Unspecified Memory Corruption (2010-2216) |
67057 | Adobe Flash Player ActionScript AVM1 ActionPush Command Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Flash Player undefined tag exploit attempt RuleID : 18805 - Revision : 10 - Type : FILE-FLASH |
2014-01-10 | Adobe Flash Player SWF ActionScript exploit attempt RuleID : 17142 - Revision : 12 - Type : FILE-FLASH |
2014-01-10 | Adobe Flash invalid data precision arbitrary code execution exploit attempt RuleID : 17141 - Revision : 11 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_flash-player-100811.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_acroread-100826.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0623.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0624.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-7132.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-7131.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-100811.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-100825.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-100825.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-09-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-100826.nasl - Type : ACT_GATHER_INFO |
2010-09-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-100826.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0636.nasl - Type : ACT_GATHER_INFO |
2010-08-19 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-17.nasl - Type : ACT_GATHER_INFO |
2010-08-19 | Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb10-17.nasl - Type : ACT_GATHER_INFO |
2010-08-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e19e74a4a71211dfb234001b2134ef46.nasl - Type : ACT_GATHER_INFO |
2010-08-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_flash-player-100811.nasl - Type : ACT_GATHER_INFO |
2010-08-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-100811.nasl - Type : ACT_GATHER_INFO |
2010-08-11 | Name : The remote Windows host contains a browser plug-in that is affected by multip... File : flash_player_apsb10-16.nasl - Type : ACT_GATHER_INFO |
2010-08-11 | Name : The remote Windows host contains a version of Adobe AIR that is affected by m... File : adobe_air_apsb10-16.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:53:44 |
|