CVE-2010-0186

Description

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

Affected products

• Adobe / acrobat9.0 – 9.0
• Adobe / acrobat9.2 – 9.2
• Adobe / acrobat9.1.3 – 9.1.3
• Adobe / acrobat9.1.2 – 9.1.2
• Adobe / acrobat9.1.1 – 9.1.1
• Adobe / acrobat9.1 – 9.1
• Adobe / acrobat9.3
• Adobe / acrobat8.0 – 8.0
• Adobe / acrobat8.1 – 8.1
• Adobe / acrobat8.1.1 – 8.1.1
• Adobe / acrobat8.1.2 – 8.1.2
• Adobe / acrobat8.1.3 – 8.1.3
• Adobe / acrobat8.1.4 – 8.1.4
• Adobe / acrobat8.1.5 – 8.1.5
• Adobe / acrobat8.1.6 – 8.1.6
• Adobe / acrobat8.1.7 – 8.1.7
• Adobe / Acrobat Reader9.2 – 9.2
• Adobe / Acrobat Reader8.1.7 – 8.1.7
• Adobe / Acrobat Reader9.0 – 9.0
• Adobe / Acrobat Reader9.1 – 9.1
• Adobe / Acrobat Reader9.1.1 – 9.1.1
• Adobe / Acrobat Reader9.1.2 – 9.1.2
• Adobe / Acrobat Reader9.1.3 – 9.1.3
• Adobe / Acrobat Reader9.3
• Adobe / Acrobat Reader8.0 – 8.0
• Adobe / Acrobat Reader8.1 – 8.1
• Adobe / Acrobat Reader8.1.1 – 8.1.1
• Adobe / Acrobat Reader8.1.2 – 8.1.2
• Adobe / Acrobat Reader8.1.4 – 8.1.4
• Adobe / Acrobat Reader8.1.5 – 8.1.5
• Adobe / Acrobat Reader8.1.6 – 8.1.6
• Adobe / adobe_air1.5.3.9120
• Adobe / adobe_air1.0 – 1.0
• Adobe / adobe_air1.5.3 – 1.5.3
• Adobe / adobe_air1.5.2 – 1.5.2
• Adobe / adobe_air1.5.1 – 1.5.1
• Adobe / adobe_air1.1 – 1.1
• Adobe / Flash Player9.0.151.0 – 9.0.151.0
• Adobe / Flash Player9.0.152.0 – 9.0.152.0
• Adobe / Flash Player9.0.159.0 – 9.0.159.0
• Adobe / Flash Player9.0.246.0 – 9.0.246.0
• Adobe / Flash Player9.0.260.0 – 9.0.260.0
• Adobe / Flash Player9.125.0 – 9.125.0
• Adobe / Flash Player10.0.12.10 – 10.0.12.10
• Adobe / Flash Player10.0.12.36 – 10.0.12.36
• Adobe / Flash Player10.0.15.3 – 10.0.15.3
• Adobe / Flash Player10.0.22.87 – 10.0.22.87
• Adobe / Flash Player10.0.32.18 – 10.0.32.18
• Adobe / Flash Player10.0.42.34
• Adobe / Flash Player6.0.21.0 – 6.0.21.0
• Adobe / Flash Player6.0.79 – 6.0.79
• Adobe / Flash Player7.0 – 7.0
• Adobe / Flash Player7.0.1 – 7.0.1
• Adobe / Flash Player7.0.25 – 7.0.25
• Adobe / Flash Player7.0.63 – 7.0.63
• Adobe / Flash Player7.0.69.0 – 7.0.69.0
• Adobe / Flash Player7.0.70.0 – 7.0.70.0
• Adobe / Flash Player7.1 – 7.1
• Adobe / Flash Player7.1.1 – 7.1.1
• Adobe / Flash Player7.2 – 7.2
• Adobe / Flash Player8.0 – 8.0
• Adobe / Flash Player8.0.22.0 – 8.0.22.0
• Adobe / Flash Player8.0.24.0 – 8.0.24.0
• Adobe / Flash Player8.0.33.0 – 8.0.33.0
• Adobe / Flash Player8.0.34.0 – 8.0.34.0
• Adobe / Flash Player8.0.35.0 – 8.0.35.0
• Adobe / Flash Player8.0.39.0 – 8.0.39.0
• Adobe / Flash Player8.0.42.0 – 8.0.42.0
• Adobe / Flash Player9.0 – 9.0
• Adobe / Flash Player9.0.16 – 9.0.16
• Adobe / Flash Player9.0.18d60 – 9.0.18d60
• Adobe / Flash Player9.0.20 – 9.0.20
• Adobe / Flash Player9.0.20.0 – 9.0.20.0
• Adobe / Flash Player9.0.28.0 – 9.0.28.0
• Adobe / Flash Player9.0.31 – 9.0.31
• Adobe / Flash Player9.0.31.0 – 9.0.31.0
• Adobe / Flash Player9.0.45.0 – 9.0.45.0
• Adobe / Flash Player9.0.47.0 – 9.0.47.0
• Adobe / Flash Player9.0.48.0 – 9.0.48.0
• Adobe / Flash Player9.0.112.0 – 9.0.112.0
• Adobe / Flash Player9.0.114.0 – 9.0.114.0
• Adobe / Flash Player9.0.115.0 – 9.0.115.0
• Adobe / Flash Player9.0.124.0 – 9.0.124.0
• Adobe / Flash Player9.0.125.0 – 9.0.125.0

References

• MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0192
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1481
• MISChttp://www.osvdb.org/62300
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518
• MISChttp://www.securityfocus.com/bid/38198
• VENDOR_ADVISORYhttp://secunia.com/advisories/43026
• MISChttp://security.gentoo.org/glsa/glsa-201101-09.xml
• MISChttps://rhn.redhat.com/errata/RHSA-2010-0102.html
• MISChttp://securitytracker.com/id?1023585
• MISChttp://www.redhat.com/support/errata/RHSA-2010-0114.html
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT4188
• VENDOR_ADVISORYhttp://secunia.com/advisories/40220
• VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb10-06.html
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=563819
• VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb10-07.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/38547
• VENDOR_ADVISORYhttp://secunia.com/advisories/38639
• MISChttps://rhn.redhat.com/errata/RHSA-2010-0103.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/38915