cvelistv5 - cve-2010-3976

CVE-2010-3976 (GCVE-0-2010-3976)

Vulnerability from cvelistv5

Published

2010-10-19 20:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.

References

URL

Tags

psirt@adobe.com	http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Vendor Advisory
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
psirt@adobe.com	http://marc.info/?l=bugtraq&m=130331642631603&w=2
psirt@adobe.com	http://marc.info/?l=bugtraq&m=130331642631603&w=2
psirt@adobe.com	http://secunia.com/advisories/43026	Vendor Advisory
psirt@adobe.com	http://security.gentoo.org/glsa/glsa-201101-09.xml
psirt@adobe.com	http://support.apple.com/kb/HT4435	Vendor Advisory
psirt@adobe.com	http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-26.html	Vendor Advisory
psirt@adobe.com	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html	Exploit
psirt@adobe.com	http://www.securityfocus.com/archive/1/514653/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/44671
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/2903	Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0192	Vendor Advisory
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926
af854a3a-2127-422b-91ae-364da2661108	http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130331642631603&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130331642631603&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43026	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201101-09.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4435	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-26.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514653/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44671
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2903	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0192	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0192",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0192"
          },
          {
            "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "oval:org.mitre.oval:def:6926",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
          },
          {
            "name": "43026",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43026"
          },
          {
            "name": "GLSA-201101-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
          },
          {
            "name": "SUSE-SA:2010:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
          },
          {
            "name": "SSRT100428",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
          },
          {
            "name": "ADV-2010-2903",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2903"
          },
          {
            "name": "HPSBMA02663",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
          },
          {
            "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
          },
          {
            "name": "44671",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44671"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "ADV-2011-0192",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0192"
        },
        {
          "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4435"
        },
        {
          "name": "oval:org.mitre.oval:def:6926",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
        },
        {
          "name": "43026",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43026"
        },
        {
          "name": "GLSA-201101-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
        },
        {
          "name": "APPLE-SA-2010-11-10-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
        },
        {
          "name": "SUSE-SA:2010:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
        },
        {
          "name": "SSRT100428",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
        },
        {
          "name": "ADV-2010-2903",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2903"
        },
        {
          "name": "HPSBMA02663",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
        },
        {
          "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
        },
        {
          "name": "44671",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44671"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-3976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0192",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0192"
            },
            {
              "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
            },
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "oval:org.mitre.oval:def:6926",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
            },
            {
              "name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29",
              "refsource": "MISC",
              "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
            },
            {
              "name": "43026",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43026"
            },
            {
              "name": "GLSA-201101-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt",
              "refsource": "MISC",
              "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
            },
            {
              "name": "SUSE-SA:2010:055",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
            },
            {
              "name": "SSRT100428",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
            },
            {
              "name": "ADV-2010-2903",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2903"
            },
            {
              "name": "HPSBMA02663",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
            },
            {
              "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
              "refsource": "BUGTRAQ",
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
            },
            {
              "name": "44671",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44671"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-3976",
    "datePublished": "2010-10-19T20:00:00",
    "dateReserved": "2010-10-14T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3976\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-10-19T21:00:10.330\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta (path) de b\u00fasqueda no confiable en Flash Player de Adobe anterior a versi\u00f3n 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, permite a los usuarios locales, y posiblemente atacantes remotos, ejecutar c\u00f3digo arbitrario y llevar a cabo ataques de secuestro DLL por medio de una biblioteca dwmapi.dll de tipo caballo de Troya que se encuentra en la misma carpeta que un archivo que es procesado por Flash Player.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.277.0\",\"matchCriteriaId\":\"BBFDF379-6774-41F0-A061-D1F83681502F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"600DDA9D-6440-48D1-8539-7127398A8678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934A869D-D58D-4C36-B86E-013F62790585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D52F86-2E38-4C66-9939-7603367B8D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93957171-F1F4-43ED-A8B9-2D36C81EB1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50BF190-2629-49A8-A377-4723C93FFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E59E2AD-38BB-46DF-AC0D-D36F1F259AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD04F04C-30CE-4A8D-B254-B10DEF62CEEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DC7742-499D-4BF5-9C5B-FCFF912A9892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD0A103-6D00-4D3D-9570-2DF74B6FE294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33AC4365-576C-487A-89C5-197A26D416C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84B367AC-E1E1-4BC5-8BF4-D5B517C0CA7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A9C054-1F82-41DD-BE13-2B71B6F87F22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB0781E-D5B5-4576-ABD4-0EE1C0C3DF12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.92.10\",\"matchCriteriaId\":\"40F70DB5-7ABD-44DD-9BC4-FDA403D009FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA646396-7C10-45A0-89A9-C75C5D8AFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476BB487-150A-4482-8C84-E6A2995A97E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60540FDE-8C31-4679-A85E-614B1EFE1FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE652520-B693-47F1-A342-621C149A7430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0EC3272-8E1E-4415-A254-BB6C7FB49BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF5AF16-A4F2-4E65-ADA8-DE11BE1F198D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DF88E7-1A67-447C-BCF8-5C5564002207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"460A0D6C-3A06-4910-B1E5-375E12F64F6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950D8316-8117-4C09-A2A9-B34191957D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5484DE8-3CB1-4591-BF30-0D5E255034E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EBACEB-1266-4A2C-A47E-066D12EE5B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC09395-A9C7-4D7F-9B55-3120A84CB427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2A6BBE-6033-4EF2-B890-9BD8867CC65A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514653/100/0/threaded\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/44671\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2903\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201101-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514653/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/44671\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html\\r\\n\\r\\n\u0027CWE-426: Untrusted Search Path\u0027\"}}"
  }
}

CERTA-2010-AVI-548

Vulnerability from certfr_avis

De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :

AFP Server ;
AppKit ;
ATS ;
CFNetwork ;
CoreGraphics ;
CoreText ;
Directory Services ;
diskdev_cmds ;
Disk Images ;
Image Capture ;
ImageIO ;
Image RAW ;
Kernel ;
Networking ;
Password Server ;
Printing ;
QuickLook ;
QuickTime ;
Safari ;
Time Machine ;
Wiki Server ;
xar.

Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, CUPS, Flash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.

Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server 10.6.0 à 10.6.4.
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X 10.6.0 à 10.6.4 ;
N/A	N/A	Mac OS X Server 10.5.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2010-007 du 11 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n-   AFP Server ;\n-   AppKit ;\n-   ATS ;\n-   CFNetwork ;\n-   CoreGraphics ;\n-   CoreText ;\n-   Directory Services ;\n-   diskdev_cmds ;\n-   Disk Images ;\n-   Image Capture ;\n-   ImageIO ;\n-   Image RAW ;\n-   Kernel ;\n-   Networking ;\n-   Password Server ;\n-   Printing ;\n-   QuickLook ;\n-   QuickTime ;\n-   Safari ;\n-   Time Machine ;\n-   Wiki Server ;\n-   xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
    },
    {
      "name": "CVE-2010-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
    },
    {
      "name": "CVE-2010-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
    },
    {
      "name": "CVE-2010-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
    },
    {
      "name": "CVE-2010-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
    },
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2009-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
    },
    {
      "name": "CVE-2010-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
    },
    {
      "name": "CVE-2010-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
    },
    {
      "name": "CVE-2010-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
    },
    {
      "name": "CVE-2010-2499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
    },
    {
      "name": "CVE-2010-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2010-2531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
    },
    {
      "name": "CVE-2010-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
    },
    {
      "name": "CVE-2010-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
    },
    {
      "name": "CVE-2010-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
    },
    {
      "name": "CVE-2010-1845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2010-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
    },
    {
      "name": "CVE-2010-1842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
    },
    {
      "name": "CVE-2010-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
    },
    {
      "name": "CVE-2010-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
    },
    {
      "name": "CVE-2010-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
    },
    {
      "name": "CVE-2010-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
    },
    {
      "name": "CVE-2009-2474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
    },
    {
      "name": "CVE-2010-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
    },
    {
      "name": "CVE-2010-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
    },
    {
      "name": "CVE-2010-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
    },
    {
      "name": "CVE-2010-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
    },
    {
      "name": "CVE-2010-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
    },
    {
      "name": "CVE-2010-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
    },
    {
      "name": "CVE-2010-1450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2010-2165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
    },
    {
      "name": "CVE-2010-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
    },
    {
      "name": "CVE-2010-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
    },
    {
      "name": "CVE-2010-2498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
    },
    {
      "name": "CVE-2010-4010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
    },
    {
      "name": "CVE-2010-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
    },
    {
      "name": "CVE-2010-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
    },
    {
      "name": "CVE-2010-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
    },
    {
      "name": "CVE-2010-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
    },
    {
      "name": "CVE-2010-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
    },
    {
      "name": "CVE-2010-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
    },
    {
      "name": "CVE-2010-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
    },
    {
      "name": "CVE-2010-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
    },
    {
      "name": "CVE-2010-2520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
    },
    {
      "name": "CVE-2008-4546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
    },
    {
      "name": "CVE-2010-1297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
    },
    {
      "name": "CVE-2010-2941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
    },
    {
      "name": "CVE-2010-2187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
    },
    {
      "name": "CVE-2010-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
    },
    {
      "name": "CVE-2010-2884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2010-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
    },
    {
      "name": "CVE-2010-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
    },
    {
      "name": "CVE-2010-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
    },
    {
      "name": "CVE-2010-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
    },
    {
      "name": "CVE-2010-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2010-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
    },
    {
      "name": "CVE-2009-2473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
    },
    {
      "name": "CVE-2010-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
    },
    {
      "name": "CVE-2010-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
    },
    {
      "name": "CVE-2010-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
    },
    {
      "name": "CVE-2010-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
    },
    {
      "name": "CVE-2010-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
    },
    {
      "name": "CVE-2010-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
    },
    {
      "name": "CVE-2010-2216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
    },
    {
      "name": "CVE-2010-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
    },
    {
      "name": "CVE-2010-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
    },
    {
      "name": "CVE-2010-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-2188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
    },
    {
      "name": "CVE-2010-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
    },
    {
      "name": "CVE-2010-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-2500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
    },
    {
      "name": "CVE-2010-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
    },
    {
      "name": "CVE-2009-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
    },
    {
      "name": "CVE-2010-2186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
    },
    {
      "name": "CVE-2010-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
    },
    {
      "name": "CVE-2010-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
    },
    {
      "name": "CVE-2010-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "initial_release_date": "2010-11-12T00:00:00",
  "last_revision_date": "2010-11-12T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-548",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
      "url": "http://support.apple.com/kb/HT4435"
    }
  ]
}

CERTA-2010-AVI-538

Vulnerability from certfr_avis

De multiples vulnérabilités dans Adobe Flash Player permettent, entre autre, à une personne distante malintentionnée d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités dans Adobe Flash Player ont été découvertes :

Plusieurs corruptions de la mémoire permettent d'exécuter du code arbitraire à distance (CVE-2010-3654, CVE-2010-3637, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) ;
une erreur de validation permet de contourner la politique de restriction d'accès à certains fichiers (CVE-2010-3636) ;
une vulnérabilité permettant de porter atteinte à la confidentialité des données existe dans la version Macintosh pour le navigateur Safari du lecteur (CVE-2010-3638) ;
une vulnérabilité peremet de provoquer à minima un déni de service (CVE-2010-3639).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 10.1.95.1 pour Android.
	Adobe	N/A	Adobe Flash Player 10.1.85.3 et versions antérieures pour Windows, Macintosh, Linux et Solaris ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-26 du 04 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.1.95.1 pour Android.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.1.85.3 et versions ant\u00e9rieures pour Windows, Macintosh, Linux et Solaris ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   Plusieurs corruptions de la m\u00e9moire permettent d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance (CVE-2010-3654, CVE-2010-3637, CVE-2010-3640,\n    CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\n    CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648,\n    CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) ;\n-   une erreur de validation permet de contourner la politique de\n    restriction d\u0027acc\u00e8s \u00e0 certains fichiers (CVE-2010-3636) ;\n-   une vuln\u00e9rabilit\u00e9 permettant de porter atteinte \u00e0 la confidentialit\u00e9\n    des donn\u00e9es existe dans la version Macintosh pour le navigateur\n    Safari du lecteur (CVE-2010-3638) ;\n-   une vuln\u00e9rabilit\u00e9 peremet de provoquer \u00e0 minima un d\u00e9ni de service\n    (CVE-2010-3639).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3637"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "initial_release_date": "2010-11-05T00:00:00",
  "last_revision_date": "2010-11-05T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-538",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player permettent, entre\nautre, \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-26 du 04 novembre 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
    }
  ]
}

CERTA-2011-AVI-241

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été corrigées dans HP Systems Insight Manager, dont certaines permettent l'exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été corrigées dans HP Systems Insight Manager. Plusieurs sont des vulnérabilités connues du produit embarqué Adobe Flash Player; deux vulnérabilités non divulguées sont également corrigées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Systems Insight Manager pour HP-UX, Linux et Windows versions antérieures à 6.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02738731 du 19 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP Systems Insight Manager pour HP-UX,  Linux et Windows versions ant\u00e9rieures \u00e0 6.3.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Systems Insight\nManager. Plusieurs sont des vuln\u00e9rabilit\u00e9s connues du produit embarqu\u00e9\nAdobe Flash Player; deux vuln\u00e9rabilit\u00e9s non divulgu\u00e9es sont \u00e9galement\ncorrig\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2011-1542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1542"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3637"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2011-1543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1543"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "initial_release_date": "2011-04-21T00:00:00",
  "last_revision_date": "2011-04-21T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-241",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Systems Insight\nManager, dont certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans HP Systems Insight Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02738731 du 19 avril 2011",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02738731"
    }
  ]
}

ghsa-84w5-gxxj-77r2

Vulnerability from github

Published

2022-05-14 02:42

Modified

2022-05-14 02:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3976"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-19T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.",
  "id": "GHSA-84w5-gxxj-77r2",
  "modified": "2022-05-14T02:42:50Z",
  "published": "2022-05-14T02:42:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3976"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
    },
    {
      "type": "WEB",
      "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43026"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "type": "WEB",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
    },
    {
      "type": "WEB",
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44671"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2903"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2010-3976

Vulnerability from fkie_nvd

Published

2010-10-19 21:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Vendor Advisory
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
psirt@adobe.com	http://marc.info/?l=bugtraq&m=130331642631603&w=2
psirt@adobe.com	http://marc.info/?l=bugtraq&m=130331642631603&w=2
psirt@adobe.com	http://secunia.com/advisories/43026	Vendor Advisory
psirt@adobe.com	http://security.gentoo.org/glsa/glsa-201101-09.xml
psirt@adobe.com	http://support.apple.com/kb/HT4435	Vendor Advisory
psirt@adobe.com	http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-26.html	Vendor Advisory
psirt@adobe.com	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html	Exploit
psirt@adobe.com	http://www.securityfocus.com/archive/1/514653/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/44671
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/2903	Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0192	Vendor Advisory
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926
af854a3a-2127-422b-91ae-364da2661108	http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130331642631603&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130331642631603&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43026	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201101-09.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4435	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-26.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514653/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44671
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2903	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0192	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926

Impacted products

Vendor	Product	Version
adobe	flash_player	*
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.48.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.125.0
adobe	flash_player	9.0.151.0
adobe	flash_player	9.0.152.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.0.246.0
adobe	flash_player	9.0.260.0
adobe	flash_player	9.0.262.0
microsoft	windows	*
adobe	flash_player	*
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.15.3
adobe	flash_player	10.0.22.87
adobe	flash_player	10.0.32.18
adobe	flash_player	10.0.42.34
adobe	flash_player	10.0.45.2
adobe	flash_player	10.1.52.14.1
adobe	flash_player	10.1.52.15
adobe	flash_player	10.1.53.64
adobe	flash_player	10.1.82.76
adobe	flash_player	10.1.85.3
adobe	flash_player	10.1.92.8
adobe	flash_player	10.1.95.1
adobe	flash_player	10.1.95.2
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFDF379-6774-41F0-A061-D1F83681502F",
              "versionEndIncluding": "9.0.277.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E59E2AD-38BB-46DF-AC0D-D36F1F259AD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD04F04C-30CE-4A8D-B254-B10DEF62CEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96DC7742-499D-4BF5-9C5B-FCFF912A9892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AC4365-576C-487A-89C5-197A26D416C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B367AC-E1E1-4BC5-8BF4-D5B517C0CA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A9C054-1F82-41DD-BE13-2B71B6F87F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB0781E-D5B5-4576-ABD4-0EE1C0C3DF12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F70DB5-7ABD-44DD-9BC4-FDA403D009FB",
              "versionEndIncluding": "10.1.92.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "476BB487-150A-4482-8C84-E6A2995A97E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "60540FDE-8C31-4679-A85E-614B1EFE1FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE652520-B693-47F1-A342-621C149A7430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0EC3272-8E1E-4415-A254-BB6C7FB49BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF5AF16-A4F2-4E65-ADA8-DE11BE1F198D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DF88E7-1A67-447C-BCF8-5C5564002207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "460A0D6C-3A06-4910-B1E5-375E12F64F6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "950D8316-8117-4C09-A2A9-B34191957D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5484DE8-3CB1-4591-BF30-0D5E255034E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EBACEB-1266-4A2C-A47E-066D12EE5B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC09395-A9C7-4D7F-9B55-3120A84CB427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2A6BBE-6033-4EF2-B890-9BD8867CC65A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta (path) de b\u00fasqueda no confiable en Flash Player de Adobe anterior a versi\u00f3n 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, permite a los usuarios locales, y posiblemente atacantes remotos, ejecutar c\u00f3digo arbitrario y llevar a cabo ataques de secuestro DLL por medio de una biblioteca dwmapi.dll de tipo caballo de Troya que se encuentra en la misma carpeta que un archivo que es procesado por Flash Player."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
  "id": "CVE-2010-3976",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-10-19T21:00:10.330",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43026"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/44671"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2903"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0192"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2010-3976

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3976

Aliases

CVE-2010-3976

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3976",
    "description": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.",
    "id": "GSD-2010-3976",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-3976.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3976"
      ],
      "details": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.",
      "id": "GSD-2010-3976",
      "modified": "2023-12-13T01:21:34.369884Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-3976",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0192",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0192"
          },
          {
            "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
          },
          {
            "name": "http://support.apple.com/kb/HT4435",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "oval:org.mitre.oval:def:6926",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
          },
          {
            "name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29",
            "refsource": "MISC",
            "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
          },
          {
            "name": "43026",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43026"
          },
          {
            "name": "GLSA-201101-09",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "name": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt",
            "refsource": "MISC",
            "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
          },
          {
            "name": "SUSE-SA:2010:055",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
          },
          {
            "name": "SSRT100428",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
          },
          {
            "name": "ADV-2010-2903",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2903"
          },
          {
            "name": "HPSBMA02663",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
          },
          {
            "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
            "refsource": "BUGTRAQ",
            "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
          },
          {
            "name": "44671",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44671"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.277.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.92.10",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-3976"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29",
              "refsource": "MISC",
              "tags": [],
              "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
            },
            {
              "name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
            },
            {
              "name": "44671",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/44671"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            },
            {
              "name": "ADV-2010-2903",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2903"
            },
            {
              "name": "GLSA-201101-09",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
            },
            {
              "name": "SUSE-SA:2010:055",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
            },
            {
              "name": "ADV-2011-0192",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0192"
            },
            {
              "name": "43026",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43026"
            },
            {
              "name": "SSRT100428",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6926",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
            },
            {
              "name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T20:06Z",
      "publishedDate": "2010-10-19T21:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3976 (GCVE-0-2010-3976)

Vulnerability from cvelistv5

CERTA-2010-AVI-548

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-AVI-538

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-AVI-241

Vulnerability from certfr_avis

Description

Solution

ghsa-84w5-gxxj-77r2

Vulnerability from github

fkie_cve-2010-3976

Vulnerability from fkie_nvd

gsd-2010-3976

Vulnerability from gsd

Tags

Sightings

Nomenclature