Upgrade: Flash Player 9.0.114.0 Timeline info 🔍 OpenVAS Name: FreeBSD Ports: linux-flashpluginĪctive APT Groups: 🔍 Countermeasures info Recommended: Upgrade
Nessus Name: Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28) The entries 4211, 4209, 421 are pretty similar. The vulnerability is also documented in the databases at Vulnerability Center ( SBV-28066) and Tenable ( 50613). Upgrading to version 9.0.114.0 eliminates this vulnerability. The commercial vulnerability scanner Qualys is able to test this issue with plugin 118667 (Adobe Flash Player Unspecified Code Execution Vulnerability (APSB10-26)).
The vulnerability scanner Nessus provides a plugin with the ID 50613 (Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28)), which helps to determine the existence of the flaw in a target environment. Technical details of the vulnerability are known, but there is no available exploit. No form of authentication is needed for a successful exploitation. The identification of this vulnerability is CVE-2010-3637 since. The weakness was disclosed with Fortinet's FortiGuard Labs (Website).
The summary by CVE is:Īn unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. Impacted is confidentiality, integrity, and availability. The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Using CWE to declare the problem leads to CWE-119. The manipulation with an unknown input leads to a memory corruption vulnerability. This issue affects an unknown code of the file Flash10h.ocx of the component ActiveX Control. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in Adobe Flash Player ( Multimedia Player Software). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
