ID CVE-2010-0378
Summary Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." Per: http://cwe.mitre.org/data/definitions/416.html CWE-416 Use-After Free Vulnerability Per: http://www.microsoft.com/technet/security/advisory/979267.mspx " Suggested Actions Perform one or both of the following steps: • Uninstall the Adobe Flash Player version 6. • Install the most current version of Flash Player available from Adobe."
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-03T04:02:08.213-04:00
class vulnerability
contributors
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Adobe Flash Player is installed
    oval oval:org.mitre.oval:def:6700
  • comment ActiveX Control is installed
    oval oval:org.mitre.oval:def:26707
description Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
family windows
id oval:org.mitre.oval:def:7580
status accepted
submitted 2010-05-18T02:23:08
title Use-after-free vulnerability in Adobe Flash Player 6.0.79
version 74
refmap via4
cert-vn VU#204889
confirm http://www.microsoft.com/technet/security/advisory/979267.mspx
misc http://secunia.com/secunia_research/2007-77/
sectrack 1023435
secunia 27105
Last major update 19-09-2017 - 01:30
Published 21-01-2010 - 23:30
Last modified 19-09-2017 - 01:30
Back to Top