VARIoT IoT vulnerabilities database
| VAR-201011-0020 | CVE-2010-4010 | Apple Mac OS X of Apple Type Services Integer sign error vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Apple Mac OS X is prone to a remote code-execution vulnerability that exists in the ATSServer component.
An attacker can exploit this issue by enticing an unsuspecting victim to do one of the following:
1. Create a thumbnail of an image file.
2. Open an image using the Preview application.
3. View a file that is hosted on a webserver.
4. View an embedded file contained in an email.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue only affects Apple Mac OS X 10.5.
NOTE: This issue may be related to a vulnerability discussed in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities)
| VAR-201011-0225 | CVE-2010-3040 | Cisco ICM of Setup Manager of agent.exe Vulnerable to stack-based buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-232
November 7, 2010
-- CVE ID:
CVE-2010-3040
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Cisco
-- Affected Products:
Cisco Unified Intelligent Contact Management
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9915.
-- Vendor Response:
Cisco has issued an update to correct this vulnerability. More
details can be found at:
http://tools.cisco.com/security/center/viewAlert.x?alertId=21726
-- Disclosure Timeline:
2010-06-01 - Vulnerability reported to vendor
2010-11-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* sb
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
| VAR-201011-0468 | No CVE | RETIRED: AT-TFTP Server Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
AT-TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to retrieve arbitrary files outside of the FTP server root directory. This may aid in further attacks.
AT-TFTP Server 1.8 is vulnerable; other versions may also be affected.
RETIRED: This issue is retired because it is a duplicate of BID 11584.
| VAR-201011-0229 | CVE-2010-3636 | Flash Player access restriction bypass vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. Flash Player contains an access restriction bypass vulnerability. When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.Cross-domain policy restrictions can be bypassed by using a specially crafted web page. This could result in unauthorized access to website data.
An attacker can exploit this issue to bypass certain policy restrictions, which may aid in further attacks.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. Remote web servers can bypass preset access restrictions with the help of unknown vectors. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02738731
Version: 1
HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-19
Last Updated: 2011-04-19
Potential Security Impact: Remote cross site scripting (XSS), cross site request forgery (CSRF), execution of arbitrary code, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), cross site request forgery (CSRF), execution of arbitrary code, and Denial of Service (DoS).
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.3
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-3636 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3637 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3638 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2010-3639 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3640 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3641 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3642 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3643 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3644 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3645 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3646 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3647 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3648 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3649 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3650 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3652 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2010-3976 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2011-1542 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2011-1543 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP SIM v6.3 or subsequent to resolve the vulnerabilities.
HP SIM v6.3 for HP-UX, Linux, and Windows
HP SIM v6.3 for HP-UX, Linux, and Windows is available here:
http://h18013.www1.hp.com/products/servers/management/hpsim/
HP SIM v6.3 for Windows on Insight Software DVD
In addition for Windows HP SIM v6.3 is available on DVD images. These are available for download here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
MANUAL ACTIONS: Yes - NonUpdate
For HP-UX, install HP SIM v6.3 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
=============
SysMgmtServer.MX-CMS
SysMgmtServer.MX-CORE
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-PORTAL
SysMgmtServer.MX-REPO
SysMgmtServer.MX-TOOLS
action: install HP SIM v6.3 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 19 April 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk2t3CsACgkQ4B86/C0qfVnGsACfUBtF4ovPqqT+9fmlstfGZOEg
Ys0AoM8ROq3gELhOLCPEYCca+qCkf+pn
=x5Sc
-----END PGP SIGNATURE-----
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Red Hat update for flash-plugin
SECUNIA ADVISORY ID:
SA42183
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42183/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42183
RELEASE DATE:
2010-11-09
DISCUSS ADVISORY:
http://secunia.com/advisories/42183/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42183/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42183
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Red Hat has issued an update for flash-plugin. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
ORIGINAL ADVISORY:
RHSA-2010:0829-1:
https://rhn.redhat.com/errata/RHSA-2010-0829.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0203 | CVE-2010-4091 | Adobe Reader and Acrobat of EScript.api Vulnerability to execute arbitrary code in plug-in |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. Adobe Acrobat and Reader are prone to multiple security vulnerabilities.
Adobe released an advance advisory regarding multiple security vulnerabilities in Reader and Acrobat. The vendor indicates that these issues will be addressed in updates for Microsoft Windows and Mac platforms on Tuesday, November 16, 2010, and for UNIX platforms on Monday, November 30, 2010.
This BID will be updated when the advisory is released.
Adobe Reader and Acrobat 9.4 and earlier are vulnerable.
Successful exploits may allow attackers to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
For more information:
SA41340
SA41435
SA42030
SA42095
SOLUTION:
Update to version "app-text/acroread-9.4.1" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Reader Unspecified Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA42095
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42095/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42095
RELEASE DATE:
2010-11-05
DISCUSS ADVISORY:
http://secunia.com/advisories/42095/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42095/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42095
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Adobe Reader, which can be
exploited by malicious people to potentially compromise a user's
system.
The vulnerability is caused due to an unspecified error when parsing
PDF files and can be exploited to corrupt memory.
The vulnerability is confirmed in version 9.4.0.
SOLUTION:
Do not open untrusted PDF files.
PROVIDED AND/OR DISCOVERED BY:
scup
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
For more information:
SA42030
SA42095
SOLUTION:
Updated packages are available via Red Hat Network. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"
References
==========
[ 1 ] CVE-2010-4091
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091
[ 2 ] CVE-2011-0562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562
[ 3 ] CVE-2011-0563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563
[ 4 ] CVE-2011-0565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565
[ 5 ] CVE-2011-0566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566
[ 6 ] CVE-2011-0567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567
[ 7 ] CVE-2011-0570
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570
[ 8 ] CVE-2011-0585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585
[ 9 ] CVE-2011-0586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586
[ 10 ] CVE-2011-0587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587
[ 11 ] CVE-2011-0588
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588
[ 12 ] CVE-2011-0589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589
[ 13 ] CVE-2011-0590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590
[ 14 ] CVE-2011-0591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591
[ 15 ] CVE-2011-0592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592
[ 16 ] CVE-2011-0593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593
[ 17 ] CVE-2011-0594
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594
[ 18 ] CVE-2011-0595
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595
[ 19 ] CVE-2011-0596
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596
[ 20 ] CVE-2011-0598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598
[ 21 ] CVE-2011-0599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599
[ 22 ] CVE-2011-0600
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600
[ 23 ] CVE-2011-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602
[ 24 ] CVE-2011-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603
[ 25 ] CVE-2011-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604
[ 26 ] CVE-2011-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605
[ 27 ] CVE-2011-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606
[ 28 ] CVE-2011-2130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130
[ 29 ] CVE-2011-2134
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134
[ 30 ] CVE-2011-2135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135
[ 31 ] CVE-2011-2136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136
[ 32 ] CVE-2011-2137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137
[ 33 ] CVE-2011-2138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138
[ 34 ] CVE-2011-2139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139
[ 35 ] CVE-2011-2140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140
[ 36 ] CVE-2011-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414
[ 37 ] CVE-2011-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415
[ 38 ] CVE-2011-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416
[ 39 ] CVE-2011-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417
[ 40 ] CVE-2011-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424
[ 41 ] CVE-2011-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425
[ 42 ] CVE-2011-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431
[ 43 ] CVE-2011-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432
[ 44 ] CVE-2011-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433
[ 45 ] CVE-2011-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434
[ 46 ] CVE-2011-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435
[ 47 ] CVE-2011-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436
[ 48 ] CVE-2011-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437
[ 49 ] CVE-2011-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438
[ 50 ] CVE-2011-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439
[ 51 ] CVE-2011-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440
[ 52 ] CVE-2011-2441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441
[ 53 ] CVE-2011-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442
[ 54 ] CVE-2011-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462
[ 55 ] CVE-2011-4369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-19.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201011-0224 | CVE-2010-3039 | Cisco CUCM of /usr/local/cm/bin/pktCap_protectData Vulnerable to arbitrary command execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges. Successful exploits will lead to the complete compromise of the device.
This issue is tracked by Cisco Bug ID CSCti52041 and CSCti74930. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Privilege Escalation
Vulnerability
SECUNIA ADVISORY ID:
SA42129
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42129/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42129
RELEASE DATE:
2010-11-09
DISCUSS ADVISORY:
http://secunia.com/advisories/42129/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42129/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42129
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious users to gain escalated
privileges.
The vulnerability is caused due to an input validation error in the
"/usr/local/cm/bin/pktCap_protectData" setuid program when processing
options. This can be exploited e.g.
Please see the vendor's advisory for details on affected versions.
SOLUTION:
Update to the latest version. Please see the vendor's advisory for
more details.
PROVIDED AND/OR DISCOVERED BY:
Knud Erik H\xf8jgaard, nSense
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=21656
NSENSE-2010-003:
http://www.nsense.fi/advisories/nsense_2010_003.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0287 | No CVE | Trend Micro Titanium Maximum Security 2011 'tmtdi.sys' Local Elevation of Privilege Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Local users can execute arbitrary kernel mode code by running malicious programs. Trend Micro Titanium Maximum Security is a Trend Micro antivirus software cloud. Trend Micro Titanium Maximum Security 2011 The 'tmtdi.sys' driver has a pointer coverage vulnerability when processing IOCTL 0x220404 requests, and a local attacker can exploit the vulnerability to execute arbitrary code with SYSTEM privileges. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Trend Micro Titanium Maximum Security 2011 IOCTL Handling
Vulnerability
SECUNIA ADVISORY ID:
SA42012
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42012/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42012
RELEASE DATE:
2010-11-03
DISCUSS ADVISORY:
http://secunia.com/advisories/42012/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42012/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42012
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Trend Micro Titanium Maximum
Security 2011, which can be exploited by malicious, local users to
gain escalated privileges. Other
versions may also be affected.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Nikita Tarakanov, CISS Research Team
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/15376/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0244 | CVE-2010-3652 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0243 | CVE-2010-3650 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0242 | CVE-2010-3649 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0241 | CVE-2010-3648 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0239 | CVE-2010-3646 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0240 | CVE-2010-3647 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0238 | CVE-2010-3645 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0237 | CVE-2010-3644 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Executed any code or denial of service (DoS) There are vulnerabilities that cause a condition. This vulnerability is CVE-2010-3640 , CVE-2010-3641 , CVE-2010-3642 , CVE-2010-3643 , CVE-2010-3645 , CVE-2010-3646 , CVE-2010-3647 , CVE-2010-3648 , CVE-2010-3649 , CVE-2010-3650 and CVE-2010-3652 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker (DoS) May be in a state. Adobe Flash Player is prone to a remote memory corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0236 | CVE-2010-3643 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0234 | CVE-2010-3641 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0231 | CVE-2010-3638 | Mac OS X Run on Adobe Flash Player Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
NOTE: This issue only affects Apple Safari running on Mac OS X.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error and can be
exploited to execute arbitrary code.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0235 | CVE-2010-3642 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0233 | CVE-2010-3640 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network