CVE-2010-3636 - Vulnerability Details

Vendors	Products
Adobe	Flash Player
Apple	Mac Os X
Google	Android
Linux	Linux Kernel
Microsoft	Windows
Redhat	Rhel Extras
Sun	Solaris

Package	CPE	Advisory	Released Date
Extras for RHEL 4
flash-plugin-0:9.0.289.0-1.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2010:0834	2010-11-08T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
flash-plugin-0:10.1.102.64-1.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2010:0867	2010-11-10T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
flash-plugin-0:10.1.102.64-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2010:0829	2010-11-06T00:00:00Z

Link	Providers
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
http://jvn.jp/en/jp/JVN48425028/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://secunia.com/advisories/42183
http://secunia.com/advisories/42926
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://support.apple.com/kb/HT4435
http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.redhat.com/support/errata/RHSA-2010-0829.html
http://www.redhat.com/support/errata/RHSA-2010-0834.html
http://www.redhat.com/support/errata/RHSA-2010-0867.html
http://www.securityfocus.com/bid/44691
http://www.vupen.com/english/advisories/2010/2903
http://www.vupen.com/english/advisories/2010/2906
http://www.vupen.com/english/advisories/2010/2918
http://www.vupen.com/english/advisories/2011/0173
http://www.vupen.com/english/advisories/2011/0192
https://nvd.nist.gov/vuln/detail/CVE-2010-3636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913
https://www.cve.org/CVERecord?id=CVE-2010-3636

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "ADV-2011-0192", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"name": "42183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42183"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"name": "43026", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43026"}, {"name": "GLSA-201101-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"name": "ADV-2010-2918", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"name": "44691", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44691"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "JVNDB-2010-000054", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"name": "RHSA-2010:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"name": "SUSE-SA:2010:055", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"name": "42926", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42926"}, {"name": "SSRT100428", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2010-2903", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"name": "HPSBMA02663", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2011-0173", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"name": "JVN#48425028", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"name": "oval:org.mitre.oval:def:15913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"name": "oval:org.mitre.oval:def:12142", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"name": "ADV-2010-2906", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"name": "RHSA-2010:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"name": "RHSA-2010:0829", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-3636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0192", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"name": "42183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42183"}, {"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"name": "43026", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43026"}, {"name": "GLSA-201101-09", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"name": "ADV-2010-2918", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"name": "44691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44691"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "JVNDB-2010-000054", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"name": "RHSA-2010:0834", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"name": "SUSE-SA:2010:055", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"name": "42926", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42926"}, {"name": "SSRT100428", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2010-2903", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"name": "HPSBMA02663", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2011-0173", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"name": "JVN#48425028", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"name": "oval:org.mitre.oval:def:15913", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"name": "oval:org.mitre.oval:def:12142", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"name": "ADV-2010-2906", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"name": "RHSA-2010:0867", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"name": "RHSA-2010:0829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:18:53.106Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0192", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"name": "42183", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42183"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"name": "43026", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43026"}, {"name": "GLSA-201101-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"name": "ADV-2010-2918", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"name": "44691", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44691"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "JVNDB-2010-000054", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"name": "RHSA-2010:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"name": "SUSE-SA:2010:055", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"name": "42926", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42926"}, {"name": "SSRT100428", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2010-2903", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"name": "HPSBMA02663", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2011-0173", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"name": "JVN#48425028", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"name": "oval:org.mitre.oval:def:15913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"name": "oval:org.mitre.oval:def:12142", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"name": "ADV-2010-2906", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"name": "RHSA-2010:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"name": "RHSA-2010:0829", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-3636", "datePublished": "2010-11-07T21:00:00", "dateReserved": "2010-09-28T00:00:00", "dateUpdated": "2024-08-07T03:18:53.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2010-11-04T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-18T12:57:01 (string)

orgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

shortName : adobe (string)

}

references : [ »

0 : { »

name : ADV-2011-0192 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2011/0192 (string)

}

1 : { »

name : 42183 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/42183 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://support.apple.com/kb/HT4435 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

}

4 : { »

name : 43026 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/43026 (string)

}

5 : { »

name : GLSA-201101-09 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://security.gentoo.org/glsa/glsa-201101-09.xml (string)

}

6 : { »

name : ADV-2010-2918 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2010/2918 (string)

}

7 : { »

name : 44691 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/44691 (string)

}

8 : { »

name : APPLE-SA-2010-11-10-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (string)

}

9 : { »

name : JVNDB-2010-000054 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_JVNDB (string)

]

url : http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html (string)

}

10 : { »

name : RHSA-2010:0834 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0834.html (string)

}

11 : { »

name : SUSE-SA:2010:055 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (string)

}

12 : { »

name : 42926 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/42926 (string)

}

13 : { »

name : SSRT100428 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

14 : { »

name : ADV-2010-2903 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2010/2903 (string)

}

15 : { »

name : HPSBMA02663 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

16 : { »

name : ADV-2011-0173 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2011/0173 (string)

}

17 : { »

name : JVN#48425028 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_JVN (string)

]

url : http://jvn.jp/en/jp/JVN48425028/index.html (string)

}

18 : { »

name : oval:org.mitre.oval:def:15913 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

}

20 : { »

name : oval:org.mitre.oval:def:12142 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 (string)

}

21 : { »

name : ADV-2010-2906 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2010/2906 (string)

}

22 : { »

name : RHSA-2010:0867 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0867.html (string)

}

23 : { »

name : RHSA-2010:0829 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0829.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@adobe.com (string)

ID : CVE-2010-3636 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : ADV-2011-0192 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2011/0192 (string)

}

1 : { »

name : 42183 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/42183 (string)

}

2 : { »

name : http://support.apple.com/kb/HT4435 (string)

refsource : CONFIRM (string)

url : http://support.apple.com/kb/HT4435 (string)

}

3 : { »

name : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

refsource : CONFIRM (string)

url : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

}

4 : { »

name : 43026 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/43026 (string)

}

5 : { »

name : GLSA-201101-09 (string)

refsource : GENTOO (string)

url : http://security.gentoo.org/glsa/glsa-201101-09.xml (string)

}

6 : { »

name : ADV-2010-2918 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2010/2918 (string)

}

7 : { »

name : 44691 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/44691 (string)

}

8 : { »

name : APPLE-SA-2010-11-10-1 (string)

refsource : APPLE (string)

url : http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (string)

}

9 : { »

name : JVNDB-2010-000054 (string)

refsource : JVNDB (string)

url : http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html (string)

}

10 : { »

name : RHSA-2010:0834 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2010-0834.html (string)

}

11 : { »

name : SUSE-SA:2010:055 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (string)

}

12 : { »

name : 42926 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/42926 (string)

}

13 : { »

name : SSRT100428 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

14 : { »

name : ADV-2010-2903 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2010/2903 (string)

}

15 : { »

name : HPSBMA02663 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

16 : { »

name : ADV-2011-0173 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2011/0173 (string)

}

17 : { »

name : JVN#48425028 (string)

refsource : JVN (string)

url : http://jvn.jp/en/jp/JVN48425028/index.html (string)

}

18 : { »

name : oval:org.mitre.oval:def:15913 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 (string)

}

19 : { »

name : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

refsource : CONFIRM (string)

url : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

}

20 : { »

name : oval:org.mitre.oval:def:12142 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 (string)

}

21 : { »

name : ADV-2010-2906 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2010/2906 (string)

}

22 : { »

name : RHSA-2010:0867 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2010-0867.html (string)

}

23 : { »

name : RHSA-2010:0829 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2010-0829.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T03:18:53.106Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : ADV-2011-0192 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2011/0192 (string)

}

1 : { »

name : 42183 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/42183 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://support.apple.com/kb/HT4435 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

}

4 : { »

name : 43026 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/43026 (string)

}

5 : { »

name : GLSA-201101-09 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://security.gentoo.org/glsa/glsa-201101-09.xml (string)

}

6 : { »

name : ADV-2010-2918 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2010/2918 (string)

}

7 : { »

name : 44691 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/44691 (string)

}

8 : { »

name : APPLE-SA-2010-11-10-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (string)

}

9 : { »

name : JVNDB-2010-000054 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_JVNDB (string)

2 : x_transferred (string)

]

url : http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html (string)

}

10 : { »

name : RHSA-2010:0834 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0834.html (string)

}

11 : { »

name : SUSE-SA:2010:055 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (string)

}

12 : { »

name : 42926 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/42926 (string)

}

13 : { »

name : SSRT100428 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

14 : { »

name : ADV-2010-2903 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2010/2903 (string)

}

15 : { »

name : HPSBMA02663 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

16 : { »

name : ADV-2011-0173 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2011/0173 (string)

}

17 : { »

name : JVN#48425028 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_JVN (string)

2 : x_transferred (string)

]

url : http://jvn.jp/en/jp/JVN48425028/index.html (string)

}

18 : { »

name : oval:org.mitre.oval:def:15913 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

}

20 : { »

name : oval:org.mitre.oval:def:12142 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 (string)

}

21 : { »

name : ADV-2010-2906 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2010/2906 (string)

}

22 : { »

name : RHSA-2010:0867 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0867.html (string)

}

23 : { »

name : RHSA-2010:0829 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0829.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

assignerShortName : adobe (string)

cveId : CVE-2010-3636 (string)

datePublished : 2010-11-07T21:00:00 (string)

dateReserved : 2010-09-28T00:00:00 (string)

dateUpdated : 2024-08-07T03:18:53.106Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "537D901A-6065-4910-82F0-96ED52993190", "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D98F767-E239-4C7A-AE9A-48E4BCE2DFEE", "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "76B8E33C-4346-4318-B461-3C9547372C67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C559189-78B4-4D65-B2C0-BE2A812B0FFE", "versionEndIncluding": "10.1.95.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}, {"lang": "es", "value": "Adobe Flash Player anterior v9.0.289.0 y v10.x anterior a v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, no maneja adecuadamente codificaciones no especificadas durante el parseo de los ficheros de pol\u00edticas de cruce de dominios, lo que permite a servidores web remotos evitar las restricciones de acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2010-3636", "lastModified": "2024-11-21T01:19:16.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-07T22:00:01.863", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42183"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42926"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43026"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/44691"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/44691"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 537D901A-6065-4910-82F0-96ED52993190 (string)

versionEndExcluding : 9.0.289.0 (string)

versionStartIncluding : 9.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D98F767-E239-4C7A-AE9A-48E4BCE2DFEE (string)

versionEndExcluding : 10.1.102.64 (string)

versionStartIncluding : 10.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4781BF1E-8A4E-4AFF-9540-23D523EE30DD (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 703AF700-7A70-47E2-BC3A-7FD03B3CA9C1 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 76B8E33C-4346-4318-B461-3C9547372C67 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C559189-78B4-4D65-B2C0-BE2A812B0FFE (string)

versionEndIncluding : 10.1.95.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. (string)

}

1 : { »

lang : es (string)

value : Adobe Flash Player anterior v9.0.289.0 y v10.x anterior a v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, no maneja adecuadamente codificaciones no especificadas durante el parseo de los ficheros de políticas de cruce de dominios, lo que permite a servidores web remotos evitar las restricciones de acceso a través de vectores no especificados. (string)

}

]

id : CVE-2010-3636 (string)

lastModified : 2024-11-21T01:19:16.527 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2010-11-07T22:00:01.863 (string)

references : [ »

0 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

}

1 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://jvn.jp/en/jp/JVN48425028/index.html (string)

}

2 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html (string)

}

3 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (string)

}

4 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (string)

}

5 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

6 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

7 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/42183 (string)

}

8 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/42926 (string)

}

9 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/43026 (string)

}

10 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201101-09.xml (string)

}

11 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://support.apple.com/kb/HT4435 (string)

}

12 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

}

13 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0829.html (string)

}

14 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0834.html (string)

}

15 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0867.html (string)

}

16 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/44691 (string)

}

17 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2903 (string)

}

18 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2906 (string)

}

19 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2918 (string)

}

20 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2011/0173 (string)

}

21 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2011/0192 (string)

}

22 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 (string)

}

23 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://jvn.jp/en/jp/JVN48425028/index.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=130331642631603&w=2 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/42183 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/42926 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/43026 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201101-09.xml (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://support.apple.com/kb/HT4435 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb10-26.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0829.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0834.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2010-0867.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/44691 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2903 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2906 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2010/2918 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2011/0173 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2011/0192 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 (string)

}

]

sourceIdentifier : psirt@adobe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2010:0834", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "flash-plugin-0:9.0.289.0-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-11-08T00:00:00Z"}, {"advisory": "RHSA-2010:0867", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:10.1.102.64-1.el6", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2010-11-10T00:00:00Z"}, {"advisory": "RHSA-2010:0829", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:10.1.102.64-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-11-06T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: security bulletin APSB10-26", "id": "649938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649938"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."], "name": "CVE-2010-3636", "public_date": "2010-11-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-3636\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3636"], "threat_severity": "Critical"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2010:0834 (string)

cpe : cpe:/a:redhat:rhel_extras:4 (string)

package : flash-plugin-0:9.0.289.0-1.el4 (string)

product_name : Extras for RHEL 4 (string)

release_date : 2010-11-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2010:0867 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : flash-plugin-0:10.1.102.64-1.el6 (string)

product_name : Red Hat Enterprise Linux 6 Supplementary (string)

release_date : 2010-11-10T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2010:0829 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : flash-plugin-0:10.1.102.64-1.el5 (string)

product_name : Supplementary for Red Hat Enterprise Linux 5 (string)

release_date : 2010-11-06T00:00:00Z (string)

}

]

bugzilla : { »

description : flash-plugin: security bulletin APSB10-26 (string)

id : 649938 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=649938 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

details : [ »

0 : Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. (string)

]

name : CVE-2010-3636 (string)

public_date : 2010-11-04T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2010-3636 https://nvd.nist.gov/vuln/detail/CVE-2010-3636 (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object