Vulnerability & Exploit Database

Back to search

RHSA-2010:0464: flash-plugin security update

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) June 15, 2010 June 16, 2010 July 04, 2017

Available Exploits 

Description

The flash-plugin package contains a Mozilla Firefox compatible Adobe FlashPlayer web browser plug-in.This update fixes multiple vulnerabilities in Adobe Flash Player. Thesevulnerabilities are detailed on the Adobe security pages APSA10-01 andAPSB10-14, listed in the References section.Multiple security flaws were found in the way flash-plugin displayedcertain SWF content. An attacker could use these flaws to create aspecially-crafted SWF file that would cause flash-plugin to crash or,potentially, execute arbitrary code when the victim loaded a pagecontaining the specially-crafted SWF content. (CVE-2009-3793,CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,CVE-2010-2187, CVE-2010-2188)An input sanitization flaw was found in the way flash-plugin processedcertain URLs. An attacker could use this flaw to conduct cross-sitescripting (XSS) attacks if a victim were tricked into visiting aspecially-crafted web page. (CVE-2010-2179)A denial of service flaw was found in the way flash-plugin processedcertain SWF content. An attacker could use this flaw to create aspecially-crafted SWF file that would cause flash-plugin to crash.(CVE-2008-4546)All users of Adobe Flash Player should install this updated package, whichupgrades Flash Player to version 10.1.53.64.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-flash-plugin

Related Vulnerabilities