CVE-2010-2179

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb10-14.html	Patch Vendor Advisory
http://securitytracker.com/id?1024085
http://www.securityfocus.com/bid/40759
http://securitytracker.com/id?1024086
http://www.redhat.com/support/errata/RHSA-2010-0470.html
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.securityfocus.com/bid/40808
http://www.vupen.com/english/advisories/2010/1453
http://www.us-cert.gov/cas/techalerts/TA10-162A.html	US Government Resource
http://www.vupen.com/english/advisories/2010/1434
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1432
http://secunia.com/advisories/40144
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1522
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
http://secunia.com/advisories/40545
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://www.vupen.com/english/advisories/2010/1793
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://www.vupen.com/english/advisories/2011/0192
http://secunia.com/advisories/43026
https://exchange.xforce.ibmcloud.com/vulnerabilities/59328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
	cpe:2.3:a:adobe:flash_player:9.0.28:::::::*

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:google:chrome::::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
	cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*
	cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
	cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
	cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
	cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:mozilla:firefox::::::::

Configuration 3 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
	cpe:2.3:a:adobe:flash_player:7.2:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
	cpe:2.3:a:macromedia:flash_player:5.0.58.0:::::::*
	cpe:2.3:a:macromedia:flash_player:5.0.41.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.1:::::::*
	cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
	cpe:2.3:a:macromedia:flash_player:5.0.42.0:::::::*
	cpe:2.3:a:macromedia:flash_player:5.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
	cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
	cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
	cpe:2.3:a:macromedia:flash_player:5.0.30.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
	cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:google:chrome::::::::

Configuration 4 (hide)

AND

OR	cpe:2.3:a:adobe:air:1.5.1:::::::*
	cpe:2.3:a:adobe:air:1.5.2:::::::*
	cpe:2.3:a:adobe:air:1.1:::::::*
	cpe:2.3:a:adobe:air:1.0:::::::*
	cpe:2.3:a:adobe:air:1.5:::::::*
	cpe:2.3:a:adobe:air:1.5.3:::::::*
	cpe:2.3:a:adobe:air::::::::

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:google:chrome::::::::

Information

Published : 2010-06-15 18:00

Updated : 2018-10-30 16:25

NVD link : CVE-2010-2179

Mitre link : CVE-2010-2179

JSON object : View

Products Affected

adobe

flash_player
air

mozilla

firefox

macromedia

flash_player

google

chrome

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10