Buffer overflow in Adobe Air

CVE-2010-2180

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vul…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Adobe Air — versions 1.0, 1.5.1, 1.5
Adobe Flash_player — versions 7.2, 7.0.63, 7.0.1
Macromedia Flash_player — versions 5.0.41.0, 5.0.58.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
ADV-2010-1421 (vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_CONFIRM)
40545 (x_refsource_SECUNIA, third-party-advisory)
adobe-air-ce(59329) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:16052 (x_refsource_OVAL, signature, vdb-entry)
RHSA-2010:0464 (x_refsource_REDHAT, vendor-advisory)
ADV-2010-1793 (vdb-entry, x_refsource_VUPEN)
43026 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1432 (vdb-entry, x_refsource_VUPEN)