Vulnerabilities > CVE-2010-3976 - Unspecified vulnerability in Adobe Flash Player
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN adobe
nessus
Summary
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2010-007.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 50549 published 2010-11-10 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50549 title Mac OS X Multiple Vulnerabilities (Security Update 2010-007) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(50549); script_version("1.48"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2008-4546", "CVE-2009-0796", "CVE-2009-0946", "CVE-2009-2624", "CVE-2009-3793", "CVE-2009-4134", "CVE-2010-0105", "CVE-2010-0205", "CVE-2010-0209", "CVE-2010-0397", "CVE-2010-1205", "CVE-2010-1297", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1752", "CVE-2010-1811", "CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2010-1831", "CVE-2010-1832", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-1838", "CVE-2010-1840", "CVE-2010-1841", "CVE-2010-1845", "CVE-2010-1846", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216", "CVE-2010-2249", "CVE-2010-2484", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2531", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2884", "CVE-2010-2941", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3636", "CVE-2010-3638", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3783", "CVE-2010-3784", "CVE-2010-3785", "CVE-2010-3796", "CVE-2010-3797", "CVE-2010-3976", "CVE-2010-4010" ); script_bugtraq_id( 31537, 34383, 34550, 38478, 39658, 40361, 40363, 40365, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 41049, 41174, 42285, 42621, 42624, 44504, 44530, 44671, 44729, 44800, 44802, 44804, 44806, 44807, 44808, 44812, 44814, 44815, 44816, 44817, 44819, 44822, 44829, 44832, 44833, 44835, 99999 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)"); script_summary(english:"Check for the presence of Security Update 2010-007"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4435" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2010-007 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^9\.[0-8]\.", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[7-9]|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) exit(0, "The host has Security Update 2010-007 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");NASL family Windows NASL id ADOBE_AIR_APSB10-26.NASL description The remote Windows host contains a version of Adobe AIR that is earlier than 2.5.1. Such versions are affected by multiple vulnerabilities: - An error exists in the validation of input and, with certain server encodings, lead to a violation of cross- domain policy file restrictions. (CVE-2010-3636) - An unspecified error exists which can lead to a denial of service. (CVE-2010-3639) - An error exists in the library loading logic and can lead to arbitrary code execution. (CVE-2010-3976) - There exist multiple memory corruption vulnerabilities which can lead to arbitrary code execution. (CVE-2010-3637, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654) last seen 2020-06-01 modified 2020-06-02 plugin id 50604 published 2010-11-15 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50604 title Adobe AIR < 2.5.1 Multiple Vulnerabilities (APSB10-26) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_5.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar last seen 2020-06-01 modified 2020-06-02 plugin id 50548 published 2010-11-10 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50548 title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_FLASH-PLAYER-101104.NASL description Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 50904 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50904 title SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 3475 / 3477) NASL family Windows NASL id ADOBE_ACROBAT_APSB10-28.NASL description The version of Adobe Acrobat 9.x installed on the remote host is earlier than 9.4.1. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability exists that could lead to code execution. Note that this issue does not affect Adobe Acrobat 8.x. (CVE-2010-3654) - An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636) - A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637) - An unspecified issue exists which could lead to a denial of service or potentially arbitrary code execution. (CVE-2010-3639) - Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) - A library-loading vulnerability could lead to code execution. (CVE-2010-3976) last seen 2020-06-01 modified 2020-06-02 plugin id 50613 published 2010-11-16 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50613 title Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28) NASL family SuSE Local Security Checks NASL id SUSE_11_1_FLASH-PLAYER-101104.NASL description Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. CVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976 last seen 2020-06-01 modified 2020-06-02 plugin id 53658 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53658 title openSUSE Security Update : flash-player (flash-player-3474) NASL family SuSE Local Security Checks NASL id SUSE_11_3_FLASH-PLAYER-101104.NASL description Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. CVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976 last seen 2020-06-01 modified 2020-06-02 plugin id 75493 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75493 title openSUSE Security Update : flash-player (flash-player-3474) NASL family Windows NASL id ADOBE_READER_APSB10-28.NASL description The version of Adobe Reader installed on the remote host is earlier than 9.4.1. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability exists that could lead to code execution. Note that this issue does not affect Adobe Reader 8.x. (CVE-2010-3654) - An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636) - A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637) - An unspecified issue exists which could lead to a denial of service or potentially arbitrary code execution. (CVE-2010-3639) - Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) - A library-loading vulnerability could lead to code execution. (CVE-2010-3976) - A memory corruption vulnerability exists that could lead to code execution. (CVE-2010-4091) last seen 2020-06-01 modified 2020-06-02 plugin id 50614 published 2010-11-16 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50614 title Adobe Reader < 9.4.1 Multiple Vulnerabilities (APSB10-28) NASL family SuSE Local Security Checks NASL id SUSE_11_2_FLASH-PLAYER-101104.NASL description Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. CVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976 last seen 2020-06-01 modified 2020-06-02 plugin id 53718 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53718 title openSUSE Security Update : flash-player (flash-player-3474) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201101-09.NASL description The remote host is affected by the vulnerability described in GLSA-201101-09 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Adobe Flash Player. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact : A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 51658 published 2011-01-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51658 title GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities NASL family Windows NASL id FLASH_PLAYER_APSB10-26.NASL description The remote Windows host contains a version of Adobe Flash Player 9.x before 9.0.289 or 10.x earlier than 10.1.102.64. Such versions are potentially affected by multiple vulnerabilities : - A memory corruption vulnerability exists that could lead to code execution. Note that there are reports that this is being actively exploited in the wild. (CVE-2010-3654) - An input validation issue exists that could lead to a bypass of cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636) - A memory corruption vulnerability exists in the ActiveX component. (CVE-2010-3637) - An unspecified issue exists which could lead to a denial of service or potentially arbitrary code execution. (CVE-2010-3639) - Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) - A library-loading vulnerability could lead to code execution. (CVE-2010-3976) last seen 2020-06-01 modified 2020-06-02 plugin id 50493 published 2010-11-05 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50493 title Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)
Oval
| accepted | 2015-08-03T04:01:59.454-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | ||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:6926 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-10-25T11:28:34 | ||||||||||||||||||||||||||||||||
| title | Untrusted search path vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x before 10.1.102.64 | ||||||||||||||||||||||||||||||||
| version | 67 |
References
- http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
- http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- http://marc.info/?l=bugtraq&m=130331642631603&w=2
- http://secunia.com/advisories/43026
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://support.apple.com/kb/HT4435
- http://support.apple.com/kb/HT4435
- http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
- http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://www.adobe.com/support/security/bulletins/apsb10-26.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html
- http://www.securityfocus.com/archive/1/514653/100/0/threaded
- http://www.securityfocus.com/archive/1/514653/100/0/threaded
- http://www.securityfocus.com/bid/44671
- http://www.securityfocus.com/bid/44671
- http://www.vupen.com/english/advisories/2010/2903
- http://www.vupen.com/english/advisories/2010/2903
- http://www.vupen.com/english/advisories/2011/0192
- http://www.vupen.com/english/advisories/2011/0192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926