Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Flash_player | Adobe | 9.0.45.0 (including) | 9.0.45.0 (including) |
Flash_player | Adobe | 9.0.112.0 (including) | 9.0.112.0 (including) |
Flash_player | Adobe | 9.0.115.0 (including) | 9.0.115.0 (including) |
Flash_player | Adobe | 10.0.12.10 (including) | 10.0.12.10 (including) |
Extras for RHEL 3 | RedHat | flash-plugin-0:9.0.277.0-1.el3.with.oss | * |
Extras for RHEL 4 | RedHat | flash-plugin-0:9.0.277.0-1.el4 | * |
Supplementary for Red Hat Enterprise Linux 5 | RedHat | flash-plugin-0:10.1-2.el5 | * |
Adobe-flashplugin | Ubuntu | hardy | * |
Adobe-flashplugin | Ubuntu | jaunty | * |
Adobe-flashplugin | Ubuntu | karmic | * |
Adobe-flashplugin | Ubuntu | lucid | * |
Adobe-flashplugin | Ubuntu | upstream | * |
Flashplugin-nonfree | Ubuntu | dapper | * |
Flashplugin-nonfree | Ubuntu | devel | * |
Flashplugin-nonfree | Ubuntu | hardy | * |
Flashplugin-nonfree | Ubuntu | jaunty | * |
Flashplugin-nonfree | Ubuntu | karmic | * |
Flashplugin-nonfree | Ubuntu | lucid | * |
Flashplugin-nonfree | Ubuntu | upstream | * |