Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Flash_player | Adobe | 9.0 (including) | 9.0.289.0 (excluding) |
| Flash_player | Adobe | 10.0 (including) | 10.1.102.64 (excluding) |
| Extras for RHEL 4 | RedHat | flash-plugin-0:9.0.289.0-1.el4 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | flash-plugin-0:10.1.102.64-1.el6 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | flash-plugin-0:10.1.102.64-1.el5 | * |
| Adobe-flashplugin | Ubuntu | hardy | * |
| Adobe-flashplugin | Ubuntu | karmic | * |
| Adobe-flashplugin | Ubuntu | lucid | * |
| Adobe-flashplugin | Ubuntu | maverick | * |
| Adobe-flashplugin | Ubuntu | upstream | * |
| Flashplugin-nonfree | Ubuntu | dapper | * |
| Flashplugin-nonfree | Ubuntu | devel | * |
| Flashplugin-nonfree | Ubuntu | hardy | * |
| Flashplugin-nonfree | Ubuntu | karmic | * |
| Flashplugin-nonfree | Ubuntu | lucid | * |
| Flashplugin-nonfree | Ubuntu | maverick | * |
| Flashplugin-nonfree | Ubuntu | upstream | * |
References
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://jvn.jp/en/jp/JVN48425028/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2
- http://secunia.com/advisories/42183
- http://secunia.com/advisories/42926
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://support.apple.com/kb/HT4435
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://www.securityfocus.com/bid/44691
- http://www.vupen.com/english/advisories/2010/2903
- http://www.vupen.com/english/advisories/2010/2906
- http://www.vupen.com/english/advisories/2010/2918
- http://www.vupen.com/english/advisories/2011/0173
- http://www.vupen.com/english/advisories/2011/0192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
- http://jvn.jp/en/jp/JVN48425028/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://marc.info/?l=bugtraq\u0026m=130331642631603\u0026w=2
- http://secunia.com/advisories/42183
- http://secunia.com/advisories/42926
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://support.apple.com/kb/HT4435
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://www.redhat.com/support/errata/RHSA-2010-0829.html
- http://www.redhat.com/support/errata/RHSA-2010-0834.html
- http://www.redhat.com/support/errata/RHSA-2010-0867.html
- http://www.securityfocus.com/bid/44691
- http://www.vupen.com/english/advisories/2010/2903
- http://www.vupen.com/english/advisories/2010/2906
- http://www.vupen.com/english/advisories/2010/2918
- http://www.vupen.com/english/advisories/2011/0173
- http://www.vupen.com/english/advisories/2011/0192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913