Vulnerabilities > CVE-2010-3975 - Unspecified vulnerability in Adobe Flash Player 9.0

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
adobe
critical
NVD
Published: 2010-10-19
Updated: 2018-10-30

Summary

Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part Description Count
Application
Adobe
1

Oval

accepted2015-08-03T04:00:20.540-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentAdobe Flash Player 9 is installed
    ovaloval:org.mitre.oval:def:7402
  • commentActiveX Control is installed
    ovaloval:org.mitre.oval:def:26707
descriptionUntrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.
familywindows
idoval:org.mitre.oval:def:12212
statusaccepted
submitted2011-03-16T19:18:43
titleUntrusted search path vulnerability in Adobe Flash Player 9 and earlier versions.
version66

References