Buffer overflow in Adobe Air

CVE-2010-2174

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Adobe Air — versions 1.0, 1.5.1, 1.5
Adobe Flash_player — versions 7.2, 7.0.63, 7.0.1
Macromedia Flash_player — versions 5.0.41.0, 5.0.58.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
ADV-2010-1421 (vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_CONFIRM)
40545 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2010:0464 (x_refsource_REDHAT, vendor-advisory)
ADV-2010-1793 (vdb-entry, x_refsource_VUPEN)
43026 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1432 (vdb-entry, x_refsource_VUPEN)
GLSA-201101-09 (vendor-advisory, x_refsource_GENTOO)
TA10-162A (US Government Resource, x_refsource_CERT, third-party-advisory)