Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution |
Information | |||
---|---|---|---|
Name | KB979267 | First vendor Publication | 2010-01-12 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.
The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.
This advisory discusses the following software.
What is the scope of the advisory? What is Adobe Flash Player? What causes this threat? How could an attacker exploit the vulnerability? How do I remove Adobe Flash Player 6? How do I install the latest version of Adobe Flash Player?
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:
Perform one or both of the following steps:
All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about Microsoft security updates, visit Microsoft Security Central.
We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer.
All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible.
If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/979267.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14146 | |||
Oval ID: | oval:org.mitre.oval:def:14146 | ||
Title: | Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item. | ||
Description: | Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0379 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player |
Definition Id: oval:org.mitre.oval:def:7580 | |||
Oval ID: | oval:org.mitre.oval:def:7580 | ||
Title: | Use-after-free vulnerability in Adobe Flash Player 6.0.79 | ||
Description: | Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0378 | Version: | 13 |
Platform(s): | Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-01-13 | Name : Adobe Flash Player Remote Code Execution Vulnerability (WinXP) File : nvt/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61906 | Adobe Flash Player on Windows ActiveX Unspecified Arbitrary Remote Code Execu... |
61905 | Adobe Flash Player on Windows Use-after-free Movie Unloading Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-01-18 | Name : The Flash ActiveX control installed on the remote Windows host has multiple v... File : smb_kb_979267.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:38:48 |
|