VID |
28287 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Adobe Flash Player earlier than 10.1.102.64 / 9.0.289 is installed. Such versions are affected by multiple vulnerabilities.
- A memory corruption vulnerability exists that could lead to code execution. Note that there are reports that this is being actively exploited in the wild. (CVE-2010-3654)
- An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636)
- A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637)
- An unspecified issue exists which could lead to a denial-of-service or potentially arbitrary code execution. (CVE-2010-3639)
- Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)
- A library-loading vulnerability could lead to code execution. (CVE-2010-3976)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References: http://www.adobe.com/support/security/bulletins/apsb10-26.html
* Platforms Affected: Adobe Flash Player 9.0.289 and 10.1.102.64 and earlier 9.x and 10.x versions; Apple Mac OS X: Any version; Linux: Any version; Microsoft Windows: Any version |
Recommendation |
Upgrade to the latest version of Adobe Flash Player (9.0.289.0 or 10.1.102.64 or later), available from the Adobe Web site at http://get.adobe.com/kr/air/ |
Related URL |
CVE-2010-3636,CVE-2010-3637,CVE-2010-3639,CVE-2010-3640,CVE-2010-3641,CVE-2010-3642,CVE-2010-3643,CVE-2010-3644,CVE-2010-3645,CVE-2010-3646 (CVE) |
Related URL |
44504,44671,44691,44692 (SecurityFocus) |
Related URL |
(ISS) |
|