Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Adobe_air | Adobe | * | 1.5.3.9120 (including) |
| Adobe_air | Adobe | 1.0 (including) | 1.0 (including) |
| Adobe_air | Adobe | 1.1 (including) | 1.1 (including) |
| Adobe_air | Adobe | 1.5.1 (including) | 1.5.1 (including) |
| Adobe_air | Adobe | 1.5.2 (including) | 1.5.2 (including) |
| Adobe_air | Adobe | 1.5.3 (including) | 1.5.3 (including) |
| Flash_player | Adobe | * | 10.0.42.34 (including) |
| Flash_player | Adobe | 6.0.21.0 (including) | 6.0.21.0 (including) |
| Flash_player | Adobe | 6.0.79 (including) | 6.0.79 (including) |
| Flash_player | Adobe | 7.0 (including) | 7.0 (including) |
| Flash_player | Adobe | 7.0.1 (including) | 7.0.1 (including) |
| Flash_player | Adobe | 7.0.25 (including) | 7.0.25 (including) |
| Flash_player | Adobe | 7.0.63 (including) | 7.0.63 (including) |
| Flash_player | Adobe | 7.0.69.0 (including) | 7.0.69.0 (including) |
| Flash_player | Adobe | 7.0.70.0 (including) | 7.0.70.0 (including) |
| Flash_player | Adobe | 7.1 (including) | 7.1 (including) |
| Flash_player | Adobe | 7.1.1 (including) | 7.1.1 (including) |
| Flash_player | Adobe | 7.2 (including) | 7.2 (including) |
| Flash_player | Adobe | 8.0 (including) | 8.0 (including) |
| Flash_player | Adobe | 8.0.22.0 (including) | 8.0.22.0 (including) |
| Flash_player | Adobe | 8.0.24.0 (including) | 8.0.24.0 (including) |
| Flash_player | Adobe | 8.0.33.0 (including) | 8.0.33.0 (including) |
| Flash_player | Adobe | 8.0.34.0 (including) | 8.0.34.0 (including) |
| Flash_player | Adobe | 8.0.35.0 (including) | 8.0.35.0 (including) |
| Flash_player | Adobe | 8.0.39.0 (including) | 8.0.39.0 (including) |
| Flash_player | Adobe | 8.0.42.0 (including) | 8.0.42.0 (including) |
| Flash_player | Adobe | 9.0 (including) | 9.0 (including) |
| Flash_player | Adobe | 9.0.16 (including) | 9.0.16 (including) |
| Flash_player | Adobe | 9.0.18d60 (including) | 9.0.18d60 (including) |
| Flash_player | Adobe | 9.0.20 (including) | 9.0.20 (including) |
| Flash_player | Adobe | 9.0.20.0 (including) | 9.0.20.0 (including) |
| Flash_player | Adobe | 9.0.28.0 (including) | 9.0.28.0 (including) |
| Flash_player | Adobe | 9.0.31 (including) | 9.0.31 (including) |
| Flash_player | Adobe | 9.0.31.0 (including) | 9.0.31.0 (including) |
| Flash_player | Adobe | 9.0.45.0 (including) | 9.0.45.0 (including) |
| Flash_player | Adobe | 9.0.47.0 (including) | 9.0.47.0 (including) |
| Flash_player | Adobe | 9.0.48.0 (including) | 9.0.48.0 (including) |
| Flash_player | Adobe | 9.0.112.0 (including) | 9.0.112.0 (including) |
| Flash_player | Adobe | 9.0.114.0 (including) | 9.0.114.0 (including) |
| Flash_player | Adobe | 9.0.115.0 (including) | 9.0.115.0 (including) |
| Flash_player | Adobe | 9.0.124.0 (including) | 9.0.124.0 (including) |
| Flash_player | Adobe | 9.0.125.0 (including) | 9.0.125.0 (including) |
| Flash_player | Adobe | 9.0.151.0 (including) | 9.0.151.0 (including) |
| Flash_player | Adobe | 9.0.152.0 (including) | 9.0.152.0 (including) |
| Flash_player | Adobe | 9.0.159.0 (including) | 9.0.159.0 (including) |
| Flash_player | Adobe | 9.0.246.0 (including) | 9.0.246.0 (including) |
| Flash_player | Adobe | 9.0.260.0 (including) | 9.0.260.0 (including) |
| Flash_player | Adobe | 9.125.0 (including) | 9.125.0 (including) |
| Flash_player | Adobe | 10.0.12.10 (including) | 10.0.12.10 (including) |
| Flash_player | Adobe | 10.0.12.36 (including) | 10.0.12.36 (including) |
| Flash_player | Adobe | 10.0.15.3 (including) | 10.0.15.3 (including) |
| Flash_player | Adobe | 10.0.22.87 (including) | 10.0.22.87 (including) |
| Flash_player | Adobe | 10.0.32.18 (including) | 10.0.32.18 (including) |
| Extras for RHEL 3 | RedHat | flash-plugin-0:9.0.262.0-1.el3.with.oss | * |
| Extras for RHEL 4 | RedHat | flash-plugin-0:9.0.262.0-1.el4 | * |
| Extras for RHEL 4 | RedHat | acroread-0:9.3.1-1.el4 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | flash-plugin-0:10.0.45.2-1.el5 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | acroread-0:9.3.1-1.el5 | * |
| Adobe-flashplugin | Ubuntu | devel | * |
| Adobe-flashplugin | Ubuntu | hardy | * |
| Adobe-flashplugin | Ubuntu | intrepid | * |
| Adobe-flashplugin | Ubuntu | jaunty | * |
| Adobe-flashplugin | Ubuntu | karmic | * |
| Adobe-flashplugin | Ubuntu | upstream | * |
| Flashplugin-nonfree | Ubuntu | dapper | * |
| Flashplugin-nonfree | Ubuntu | devel | * |
| Flashplugin-nonfree | Ubuntu | hardy | * |
| Flashplugin-nonfree | Ubuntu | intrepid | * |
| Flashplugin-nonfree | Ubuntu | jaunty | * |
| Flashplugin-nonfree | Ubuntu | karmic | * |
| Flashplugin-nonfree | Ubuntu | upstream | * |
References
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38547
- http://secunia.com/advisories/38639
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/40220
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://securitytracker.com/id?1023585
- http://support.apple.com/kb/HT4188
- http://www.adobe.com/support/security/bulletins/apsb10-06.html
- http://www.adobe.com/support/security/bulletins/apsb10-07.html
- http://www.osvdb.org/62300
- http://www.redhat.com/support/errata/RHSA-2010-0114.html
- http://www.securityfocus.com/bid/38198
- http://www.vupen.com/english/advisories/2010/1481
- http://www.vupen.com/english/advisories/2011/0192
- https://bugzilla.redhat.com/show_bug.cgi?id=563819
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518
- https://rhn.redhat.com/errata/RHSA-2010-0102.html
- https://rhn.redhat.com/errata/RHSA-2010-0103.html
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38547
- http://secunia.com/advisories/38639
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/40220
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://securitytracker.com/id?1023585
- http://support.apple.com/kb/HT4188
- http://www.adobe.com/support/security/bulletins/apsb10-06.html
- http://www.adobe.com/support/security/bulletins/apsb10-07.html
- http://www.osvdb.org/62300
- http://www.redhat.com/support/errata/RHSA-2010-0114.html
- http://www.securityfocus.com/bid/38198
- http://www.vupen.com/english/advisories/2010/1481
- http://www.vupen.com/english/advisories/2011/0192
- https://bugzilla.redhat.com/show_bug.cgi?id=563819
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518
- https://rhn.redhat.com/errata/RHSA-2010-0102.html
- https://rhn.redhat.com/errata/RHSA-2010-0103.html