Info

Disclosure

Nov 04, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 04, 2010

Description

Adobe Flash contains a flaw related to the 'Flash10h.ocx' ActiveX control that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

Classification

Location: Location Unknown
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade Adobe Flash to version 10.1.102.64 or higher and Adobe AIR to version 2.5.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated	Flash Player	10.1.85.3
	Flash Player for Android	10.1.95.1
	AIR	2.0.4
	Flash Professional	Flex
		CS4
		CS5
	Flash	Flex
	Flash	CS3

References

CVE ID: 2010-3637 (see also: NVD)
Secunia Advisory ID: 42127 42183 42926 44251
Related OSVDB ID: 69121 69122 69123 69124 69125 69126 69127 69128 69129 69130 69131 69132 69133 69134 69146
Other Advisory URL: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738731
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://www.adobe.com/support/security/bulletins/apsb10-26.html
https://rhn.redhat.com/errata/RHSA-2010-0829.html
https://rhn.redhat.com/errata/RHSA-2010-0834.html
Mail List Post: http://seclists.org/bugtraq/2011/Apr/201
http://seclists.org/fulldisclosure/2010/Nov/37
News Article: http://threatpost.com/en_us/blogs/adobe-readies-patch-critical-reader-acrobat-flaws-111210
http://www.scmagazineus.com/adobe-patches-flash-for-18-vulnerabilities/article/190265/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/69135

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Adobe Systems Incorporated

Flash Player

Flash Player for Android

AIR

Flash Professional

Flash

References

Credit