Vulnerability & Exploit Database

Back to search

RHSA-2010:0464: flash-plugin security update

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) June 14, 2010 June 15, 2010 September 06, 2015

Available Exploits 

Description

The flash-plugin package contains a Mozilla Firefox compatible Adobe FlashPlayer web browser plug-in.This update fixes multiple vulnerabilities in Adobe Flash Player. Thesevulnerabilities are detailed on the Adobe security pages APSA10-01 andAPSB10-14, listed in the References section.Multiple security flaws were found in the way flash-plugin displayedcertain SWF content. An attacker could use these flaws to create aspecially-crafted SWF file that would cause flash-plugin to crash or,potentially, execute arbitrary code when the victim loaded a pagecontaining the specially-crafted SWF content. (CVE-2009-3793,CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,CVE-2010-2187, CVE-2010-2188)An input sanitization flaw was found in the way flash-plugin processedcertain URLs. An attacker could use this flaw to conduct cross-sitescripting (XSS) attacks if a victim were tricked into visiting aspecially-crafted web page. (CVE-2010-2179)A denial of service flaw was found in the way flash-plugin processedcertain SWF content. An attacker could use this flaw to create aspecially-crafted SWF file that would cause flash-plugin to crash.(CVE-2008-4546)All users of Adobe Flash Player should install this updated package, whichupgrades Flash Player to version 10.1.53.64.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

linuxrpm-upgrade-rhel50-ix86-flash-plugin

Related Vulnerabilities