Vulnerability Details : CVE-2010-2174
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-2174
Probability of exploitation activity in the next 30 days: 1.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2174
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-2174
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2174
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013
-
http://www.securityfocus.com/bid/40805
Adobe Flash Player and AIR (CVE-2010-2174) Invalid Pointer Remote Code Execution Vulnerability
-
http://www.vupen.com/english/advisories/2010/1453
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/1793
Webmail | OVH- OVH
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
-
http://www.vupen.com/english/advisories/2010/1432
Webmail | OVH- OVH
-
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Apple - Lists.apple.com
-
http://www.redhat.com/support/errata/RHSA-2010-0470.html
Support
-
http://securitytracker.com/id?1024085
Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/59323
Adobe Flash Player and Air invalid pointer code execution CVE-2010-2174 Vulnerability Report
-
http://security.gentoo.org/glsa/glsa-201101-09.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201101-09) — Gentoo security
-
http://www.vupen.com/english/advisories/2010/1482
Webmail | OVH- OVH
-
http://www.securityfocus.com/archive/1/511849/100/0/threaded
SecurityFocus
-
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
Adobe Flash and AIR Vulnerabilities | CISAUS Government Resource
-
http://support.apple.com/kb/HT4435
We're sorry.
-
http://www.vupen.com/english/advisories/2010/1522
Webmail | OVH- OVH
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7528
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2010/1434
Webmail | OVH- OVH
-
http://securitytracker.com/id?1024086
Adobe AIR Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15360
Repository / Oval Repository
-
http://www.redhat.com/support/errata/RHSA-2010-0464.html
Support
- http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
[security-announce] SUSE Security Announcement: flash player (SUSE-SA:20
-
http://www.securityfocus.com/bid/40759
RETIRED: Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 Multiple Remote Vulnerabilities
-
http://www.vupen.com/english/advisories/2011/0192
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/1421
Webmail | OVH- OVH
-
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Adobe - Security Bulletins: APSB10-14 Security update available for Adobe Flash PlayerPatch;Vendor Advisory
Products affected by CVE-2010-2174
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.58.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.41.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.42.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:flash_player:5.0.30.0:*:*:*:*:*:*:*