VARIoT IoT vulnerabilities database
| VAR-201011-0224 | CVE-2010-3039 | Cisco CUCM of /usr/local/cm/bin/pktCap_protectData Vulnerable to arbitrary command execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges. Successful exploits will lead to the complete compromise of the device.
This issue is tracked by Cisco Bug ID CSCti52041 and CSCti74930. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Privilege Escalation
Vulnerability
SECUNIA ADVISORY ID:
SA42129
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42129/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42129
RELEASE DATE:
2010-11-09
DISCUSS ADVISORY:
http://secunia.com/advisories/42129/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42129/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42129
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious users to gain escalated
privileges.
The vulnerability is caused due to an input validation error in the
"/usr/local/cm/bin/pktCap_protectData" setuid program when processing
options. This can be exploited e.g.
Please see the vendor's advisory for details on affected versions.
SOLUTION:
Update to the latest version. Please see the vendor's advisory for
more details.
PROVIDED AND/OR DISCOVERED BY:
Knud Erik H\xf8jgaard, nSense
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=21656
NSENSE-2010-003:
http://www.nsense.fi/advisories/nsense_2010_003.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0287 | No CVE | Trend Micro Titanium Maximum Security 2011 'tmtdi.sys' Local Elevation of Privilege Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Local users can execute arbitrary kernel mode code by running malicious programs. Trend Micro Titanium Maximum Security is a Trend Micro antivirus software cloud. Trend Micro Titanium Maximum Security 2011 The 'tmtdi.sys' driver has a pointer coverage vulnerability when processing IOCTL 0x220404 requests, and a local attacker can exploit the vulnerability to execute arbitrary code with SYSTEM privileges. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Trend Micro Titanium Maximum Security 2011 IOCTL Handling
Vulnerability
SECUNIA ADVISORY ID:
SA42012
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42012/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42012
RELEASE DATE:
2010-11-03
DISCUSS ADVISORY:
http://secunia.com/advisories/42012/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42012/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42012
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Trend Micro Titanium Maximum
Security 2011, which can be exploited by malicious, local users to
gain escalated privileges. Other
versions may also be affected.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Nikita Tarakanov, CISS Research Team
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/15376/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0244 | CVE-2010-3652 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0243 | CVE-2010-3650 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0242 | CVE-2010-3649 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0241 | CVE-2010-3648 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0239 | CVE-2010-3646 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0240 | CVE-2010-3647 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0238 | CVE-2010-3645 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0237 | CVE-2010-3644 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Executed any code or denial of service (DoS) There are vulnerabilities that cause a condition. This vulnerability is CVE-2010-3640 , CVE-2010-3641 , CVE-2010-3642 , CVE-2010-3643 , CVE-2010-3645 , CVE-2010-3646 , CVE-2010-3647 , CVE-2010-3648 , CVE-2010-3649 , CVE-2010-3650 and CVE-2010-3652 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker (DoS) May be in a state. Adobe Flash Player is prone to a remote memory corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0236 | CVE-2010-3643 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0234 | CVE-2010-3641 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0231 | CVE-2010-3638 | Mac OS X Run on Adobe Flash Player Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Adobe Flash Player is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
NOTE: This issue only affects Apple Safari running on Mac OS X.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error and can be
exploited to execute arbitrary code.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0235 | CVE-2010-3642 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0233 | CVE-2010-3640 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. Adobe Flash Player Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0232 | CVE-2010-3639 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Adobe Flash Player is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected application to stop responding or crash. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed.
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For more information:
SA38547
SA40026
SA40907
SA41434
SA41917
SOLUTION:
Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA41917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
RELEASE DATE:
2010-10-29
DISCUSS ADVISORY:
http://secunia.com/advisories/41917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Adobe Flash Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 10.1.85.3 running on a
fully patched Windows XP Professional SP3. Other versions may also be
affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Adobe plans to release a fixed version on November 9, 2010.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
Adobe APSA10-05:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.
For more information:
SA41917
SOLUTION:
Updated packages are available via Red Hat Network
| VAR-201011-0294 | No CVE | Xerox 4595 Copier/Printer Unknown Remote Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Xerox 4595 Copier/Printer is a print copy machine. The Xerox 4595 Copier/Printer has an unidentified vulnerability that allows a remote attacker to restart the device and cause a denial of service attack. Xerox 4595 Copier/Printer is prone to an unspecified remote denial-of-service vulnerability.
4595 Copier/Printer with firmware prior to 1.224.255 are vulnerable
| VAR-201011-0198 | CVE-2010-4104 | HP Insight Orchestration Vulnerable to reading arbitrary files |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
An attacker can exploit this issue to bypass certain security restrictions, perform unauthorized actions, or view arbitrary files within the context of the vulnerable application. Information harvested may aid in launching further attacks.
HP Insight Orchestration versions prior to 6.2 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02573285
Version: 1
HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2010-4104 (arbitrary file download), CVE-2010-4105 (unauthorized access)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-4104 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2010-4105 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP Insight Orchestration software v6.2 or subsequent to resolve the vulnerability
The HP Insight Orchestration software updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version: 1 (rev.1) - 28 October 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2010 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzJeqIACgkQ4B86/C0qfVkJ/gCfeQZ+bKrVTmDonNEKYSJJcIcj
JbwAniEzn8y2zPmlP4A4ePQIygObtmOX
=XD6o
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
HP Insight Orchestration Two Vulnerabilities
SECUNIA ADVISORY ID:
SA42036
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42036/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42036
RELEASE DATE:
2010-10-30
DISCUSS ADVISORY:
http://secunia.com/advisories/42036/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42036/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42036
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in HP Insight Orchestration,
which can be exploited by malicious people to disclose sensitive
information and bypass certain security restrictions.
No further information is currently available.
The vulnerabilities are reported in versions prior to 6.2 running on
Windows.
SOLUTION:
Update to version 6.2 or later.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMA02606 SSRT100321:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573285
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0199 | CVE-2010-4105 | HP Insight Orchestration Unknown Permissions and Access Control Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors. HP Insight Orchestration software provides an excellent set of tools to simplify tedious setup tasks, accelerate coordination between server, network and storage teams, and achieve superior consistency with standard templates, automation, and integration with IT processes. Reduce configuration errors. An unknown vulnerability exists in versions prior to HP Insight Orchestration 6.2. An unspecified error allows an attacker to gain unauthorized access.
An attacker can exploit this issue to bypass certain security restrictions, perform unauthorized actions, or view arbitrary files within the context of the vulnerable application. Information harvested may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02573285
Version: 1
HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2010-4104 (arbitrary file download), CVE-2010-4105 (unauthorized access)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version: 1 (rev.1) - 28 October 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2010 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzJeqIACgkQ4B86/C0qfVkJ/gCfeQZ+bKrVTmDonNEKYSJJcIcj
JbwAniEzn8y2zPmlP4A4ePQIygObtmOX
=XD6o
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
HP Insight Orchestration Two Vulnerabilities
SECUNIA ADVISORY ID:
SA42036
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42036/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42036
RELEASE DATE:
2010-10-30
DISCUSS ADVISORY:
http://secunia.com/advisories/42036/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42036/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42036
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in HP Insight Orchestration,
which can be exploited by malicious people to disclose sensitive
information and bypass certain security restrictions.
No further information is currently available.
The vulnerabilities are reported in versions prior to 6.2 running on
Windows.
SOLUTION:
Update to version 6.2 or later.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMA02606 SSRT100321:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573285
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0150 | CVE-2010-2583 | SonicWALL SSL-VPN End-Point Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. The SonicWALL SSL-VPN E-Class ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input. Failed attacks will likely cause denial-of-service conditions.
These issues affects SonicWALL E-Class SSL-VPN 10.5.1.117 and all previous versions as well as 10.0.5 without hotfix; other versions may also be vulnerable.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"The End-Point Interrogator/Installer ActiveX control provides
software installation and interrogation functionality and is used by
the SonicWALL SSL-VPN E-Class remote access devices."
Product Link:
http://www.sonicwall.com/us/products/506.html
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN
End-Point Interrogator/Installer ActiveX Control, which can be
exploited by malicious people to compromise a user's system. This can be exploited to
cause a stack-based buffer overflow via overly long values.
Successful exploitation allows execution of arbitrary code.
======================================================================
5) Solution
Update to version 10.5.2 and apply hotfix 3 for version 10.0.5.
======================================================================
6) Time Table
28/09/2010 - Vendor notified.
28/09/2010 - Vendor response.
10/10/2010 - Vendor confirms the vulnerability.
26/10/2010 - Vendor releases fixed version.
29/10/2010 - Public disclosure.
======================================================================
7) Credits
Discovered by Dmitriy Pletnev, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-2583 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-117/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Buffer Overflow
SECUNIA ADVISORY ID:
SA41644
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41644/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41644
RELEASE DATE:
2010-10-30
DISCUSS ADVISORY:
http://secunia.com/advisories/41644/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41644/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41644
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN
End-Point Interrogator/Installer ActiveX Control, which can be
exploited by malicious people to compromise a user's system.
ORIGINAL ADVISORY:
SonicWALL:
http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt
Secunia Research:
http://secunia.com/secunia_research/2010-117/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------