CVE-2010-3636 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2010-3636?

CVE-2010-3636 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3636?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Sun Solaris.

Vulnerability Description

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	>= 9.0, < 9.0.289.0
Apple	Mac Os X	-
Linux	Linux Kernel	-
Microsoft	Windows	-
Sun	Solaris	-
Google	Android	-

Related Weaknesses (CWE)

CWE-264

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1Broken Link
http://jvn.jp/en/jp/JVN48425028/index.htmlThird Party AdvisoryVDB Entry
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.htmlThird Party AdvisoryVDB Entry
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=130331642631603&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/42183Third Party Advisory
http://secunia.com/advisories/42926Third Party Advisory
http://secunia.com/advisories/43026Third Party Advisory
http://security.gentoo.org/glsa/glsa-201101-09.xmlThird Party Advisory
http://support.apple.com/kb/HT4435Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb10-26.htmlPatchVendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0829.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0834.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0867.htmlThird Party Advisory

FAQ

What is CVE-2010-3636?

CVE-2010-3636 is a vulnerability with a CVSS score of 9.3 (HIGH). Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of...

How severe is CVE-2010-3636?

CVE-2010-3636 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3636?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Sun Solaris.