Vulnerability Details : CVE-2010-2173
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-2173
Probability of exploitation activity in the next 30 days: 1.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2173
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-2173
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2173
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013
-
http://www.vupen.com/english/advisories/2010/1453
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/1793
Webmail | OVH- OVH
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
-
http://www.vupen.com/english/advisories/2010/1432
Webmail | OVH- OVH
-
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Apple - Lists.apple.com
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6762
Repository / Oval Repository
-
http://www.redhat.com/support/errata/RHSA-2010-0470.html
Support
-
http://securitytracker.com/id?1024085
Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker
-
http://security.gentoo.org/glsa/glsa-201101-09.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201101-09) — Gentoo security
-
http://www.vupen.com/english/advisories/2010/1482
Webmail | OVH- OVH
-
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
Adobe Flash and AIR Vulnerabilities | CISAUS Government Resource
-
http://support.apple.com/kb/HT4435
We're sorry.
-
http://www.vupen.com/english/advisories/2010/1522
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/1434
Webmail | OVH- OVH
-
http://securitytracker.com/id?1024086
Adobe AIR Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16261
Repository / Oval Repository
-
http://www.redhat.com/support/errata/RHSA-2010-0464.html
Support
- http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
[security-announce] SUSE Security Announcement: flash player (SUSE-SA:20
-
http://www.securityfocus.com/bid/40800
Adobe Flash Player and AIR (CVE-2010-2173) Invalid Pointer Remote Code Execution Vulnerability
-
http://www.securityfocus.com/bid/40759
RETIRED: Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 Multiple Remote Vulnerabilities
-
http://www.vupen.com/english/advisories/2011/0192
Webmail | OVH- OVH
-
http://www.securityfocus.com/archive/1/511848/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2010/1421
Webmail | OVH- OVH
-
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Adobe - Security Bulletins: APSB10-14 Security update available for Adobe Flash PlayerVendor Advisory;Patch
Products affected by CVE-2010-2173
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.58.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.41.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.42.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.30.0:*:*:*:*:*:*:*