SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   Adobe Flash Vendors:   Adobe Systems Incorporated
Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests
SecurityTracker Alert ID:  1023585
SecurityTracker URL:  http://securitytracker.com/id/1023585
CVE Reference:   CVE-2010-0186, CVE-2010-0187   (Links to External Site)
Date:  Feb 12 2010
Impact:   Denial of service via network, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.0.42.34 and prior versions
Description:   Two vulnerabilities were reported in Adobe Flash Player. A remote user can conduct cross-domain request attacks. A remote user can cause denial of service conditions.

A remote user can create specially crafted content that, when loaded by a target user, will bypass the domain sandbox controls and issue requests to other domains [CVE-2010-0186].

A remote user can also cause denial of service conditions [CVE-2010-0187].

Adobe AIR is also affected.

Michael Yong Park reported the cross-domain request vulnerability.

Impact:   A remote user can conduct cross-domain request attacks.
Solution:   The vendor has issued a fix (10.0.45.2).

The vendor's advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb10-06.html

Vendor URL:  www.adobe.com/support/security/bulletins/apsb10-06.html (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 12 2010 (Red Hat Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 Supplementary.
Feb 12 2010 (Red Hat Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 3 and 4 Extras.
Feb 18 2010 (Red Hat Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4 and 5.
Apr 13 2010 (Sun Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests
Sun has issued a fix for Solaris 10 and OpenSolaris.
Jun 15 2010 (Red Hat Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 3 and 4.
Jun 16 2010 (Apple Issues Fix) Adobe Flash Player Flaw Lets Remote Users Issue Cross-Domain Requests
Apple has issued a fix for Mac OS X.



 Source Message Contents

Date:  Fri, 12 Feb 2010 00:38:49 +0000
Subject:  Adobe Flash Player


CVE-2010-0186, CVE-2010-0187

http://www.adobe.com/support/security/bulletins/apsb10-06.html
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC