Vulnerability Description
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Air | <= 1.5.3.9120 |
| Adobe | Flash Player | <= 10.0.42.34 |
| Adobe | Acrobat | <= 9.3 |
| Adobe | Acrobat Reader | <= 9.3 |
References
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38547Vendor Advisory
- http://secunia.com/advisories/38639Vendor Advisory
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/40220
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://securitytracker.com/id?1023585
- http://support.apple.com/kb/HT4188
- http://www.adobe.com/support/security/bulletins/apsb10-06.htmlPatchVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb10-07.htmlPatchVendor Advisory
- http://www.osvdb.org/62300
- http://www.redhat.com/support/errata/RHSA-2010-0114.html
- http://www.securityfocus.com/bid/38198
FAQ
What is CVE-2010-0186?
CVE-2010-0186 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass int...
How severe is CVE-2010-0186?
CVE-2010-0186 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0186?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Adobe Air, Adobe Flash Player, Adobe Acrobat, Adobe Acrobat Reader.