Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2010-AVI-551
Vulnerability from certfr_avis
Deux vulnérabilités dans Adobe Reader et Acrobat permettent à un utilisateur malveillant d'exécuter du code arbitraire. Leur exploitation peut se faire à distance par l'intermédiaire des greffons dans les navigateurs.
Description
Deux vulnérabilités permettent à un utilisateur malveillant d'exécuter du code arbitraire :
- une corruption de la mémoire affecte uniquement les versions 9.x d'Adobe Reader et d'Acrobat ;
- une autre corruption de la mémoire n'affecte qu'Adobe Reader.
L'exploitation de ces vulnérabilités peut se faire à distance par l'intermédiaire des greffons dans les navigateurs.
Solution
La version 9.4.1 des deux logiciels remédie à ces problèmes.
Le correctif pour Acrobat sur Unix sera publié le 30 novembre 2010.
Le correctif pour la version 8 sera publié ultérieurement.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader et Acrobat 9.x \u00e0 partir de la version 9.2 pour les syst\u00e8mes UNIX.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader et Acrobat 9.x \u00e0 partir de la version 9.2 et 8.x \u00e0 partir de la version 8.1.7, pour les syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire\u00a0:\n\n- une corruption de la m\u00e9moire affecte uniquement les versions 9.x\n d\u0027Adobe Reader et d\u0027Acrobat\u00a0;\n- une autre corruption de la m\u00e9moire n\u0027affecte qu\u0027Adobe Reader.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut se faire \u00e0 distance par\nl\u0027interm\u00e9diaire des greffons dans les navigateurs.\n\n## Solution\n\nLa version 9.4.1 des deux logiciels rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nLe correctif pour Acrobat sur Unix sera publi\u00e9 le 30 novembre 2010.\n\nLe correctif pour la version 8 sera publi\u00e9 ult\u00e9rieurement.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-3654",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
},
{
"name": "CVE-2010-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4091"
}
],
"initial_release_date": "2010-11-17T00:00:00",
"last_revision_date": "2010-11-17T00:00:00",
"links": [
{
"title": "Document du CERTA CERTA-2010-ALE-020 du 17 novembre 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-020/index.html"
}
],
"reference": "CERTA-2010-AVI-551",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-11-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire. Leur exploitation\npeut se faire \u00e0 distance par l\u0027interm\u00e9diaire des greffons dans les\nnavigateurs.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-28 du 16 novembre 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
}
]
}
CVE-2010-4091 (GCVE-0-2010-4091)
Vulnerability from cvelistv5
Published
2010-11-07 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42095"
},
{
"name": "69005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69005"
},
{
"name": "ADV-2011-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
},
{
"name": "ADV-2010-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "ADV-2010-2890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2890"
},
{
"name": "GLSA-201101-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "44638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44638"
},
{
"name": "RHSA-2010:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
},
{
"name": "ADV-2011-0337",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "42401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42401"
},
{
"name": "1024684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024684"
},
{
"name": "oval:org.mitre.oval:def:12527",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
},
{
"name": "15419",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15419"
},
{
"name": "adobe-reader-pdf-file-ce(62996)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "42095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42095"
},
{
"name": "69005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69005"
},
{
"name": "ADV-2011-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
},
{
"name": "ADV-2010-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "ADV-2010-2890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2890"
},
{
"name": "GLSA-201101-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "44638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44638"
},
{
"name": "RHSA-2010:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
},
{
"name": "ADV-2011-0337",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "42401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42401"
},
{
"name": "1024684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024684"
},
{
"name": "oval:org.mitre.oval:def:12527",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
},
{
"name": "15419",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15419"
},
{
"name": "adobe-reader-pdf-file-ce(62996)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42095"
},
{
"name": "69005",
"refsource": "OSVDB",
"url": "http://osvdb.org/69005"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html"
},
{
"name": "ADV-2010-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "ADV-2010-2890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2890"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "44638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44638"
},
{
"name": "RHSA-2010:0934",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0024.html"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "42401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42401"
},
{
"name": "1024684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024684"
},
{
"name": "oval:org.mitre.oval:def:12527",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12527"
},
{
"name": "15419",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15419"
},
{
"name": "adobe-reader-pdf-file-ce(62996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62996"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html",
"refsource": "MISC",
"url": "http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-4091",
"datePublished": "2010-11-07T21:00:00",
"dateReserved": "2010-10-25T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3654 (GCVE-0-2010-3654)
Vulnerability from cvelistv5
Published
2010-10-29 18:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "42183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "42030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42030"
},
{
"name": "ADV-2011-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"
},
{
"name": "43025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43025"
},
{
"name": "ADV-2011-0344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "ADV-2010-2918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2918"
},
{
"name": "ADV-2010-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "41917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41917"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "GLSA-201101-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"
},
{
"name": "SUSE-SA:2010:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name": "1024660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024660"
},
{
"name": "42926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42926"
},
{
"name": "RHSA-2010:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "ADV-2010-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name": "ADV-2011-0173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0173"
},
{
"name": "42401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42401"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name": "VU#298081",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298081"
},
{
"name": "1024659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024659"
},
{
"name": "TLSA-2011-2",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name": "44504",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44504"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-05.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "8210",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8210"
},
{
"name": "ADV-2010-2906",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2906"
},
{
"name": "RHSA-2010:0867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"
},
{
"name": "RHSA-2010:0829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"
},
{
"name": "oval:org.mitre.oval:def:13294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2011-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "42183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "42030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42030"
},
{
"name": "ADV-2011-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"
},
{
"name": "43025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43025"
},
{
"name": "ADV-2011-0344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name": "43026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "ADV-2010-2918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2918"
},
{
"name": "ADV-2010-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "41917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41917"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "GLSA-201101-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"
},
{
"name": "SUSE-SA:2010:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name": "1024660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024660"
},
{
"name": "42926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42926"
},
{
"name": "RHSA-2010:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "ADV-2010-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name": "ADV-2011-0173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0173"
},
{
"name": "42401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42401"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name": "VU#298081",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298081"
},
{
"name": "1024659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024659"
},
{
"name": "TLSA-2011-2",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name": "44504",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44504"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/advisories/apsa10-05.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "8210",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8210"
},
{
"name": "ADV-2010-2906",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2906"
},
{
"name": "RHSA-2010:0867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"
},
{
"name": "RHSA-2010:0829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"
},
{
"name": "oval:org.mitre.oval:def:13294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "42183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42183"
},
{
"name": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html",
"refsource": "MISC",
"url": "http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "42030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42030"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "ADV-2011-0344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "ADV-2010-2918",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2918"
},
{
"name": "ADV-2010-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3111"
},
{
"name": "41917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41917"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0834",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"
},
{
"name": "SUSE-SA:2010:055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name": "1024660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024660"
},
{
"name": "42926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42926"
},
{
"name": "RHSA-2010:0934",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0934.html"
},
{
"name": "ADV-2010-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name": "ADV-2011-0173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0173"
},
{
"name": "42401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42401"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name": "VU#298081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298081"
},
{
"name": "1024659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024659"
},
{
"name": "TLSA-2011-2",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name": "44504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44504"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa10-05.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-28.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-28.html"
},
{
"name": "SUSE-SA:2010:058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html"
},
{
"name": "8210",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8210"
},
{
"name": "ADV-2010-2906",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2906"
},
{
"name": "RHSA-2010:0867",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"
},
{
"name": "RHSA-2010:0829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"
},
{
"name": "oval:org.mitre.oval:def:13294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-3654",
"datePublished": "2010-10-29T18:00:00",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…