CVE-2010-3637 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2010-3637?

CVE-2010-3637 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3637?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Microsoft Windows.

Vulnerability Description

An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	>= 9.0, < 9.0.289.0
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-119

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=130331642631603&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/42926Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb10-26.htmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/514652/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/44690Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2010/2903Third Party Advisory
http://www.vupen.com/english/advisories/2011/0173Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=130331642631603&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/42926Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb10-26.htmlPatchVendor Advisory

FAQ

What is CVE-2010-3637?

CVE-2010-3637 is a vulnerability with a CVSS score of 9.3 (HIGH). An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of servi...

How severe is CVE-2010-3637?

CVE-2010-3637 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3637?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Microsoft Windows.