Buffer overflow in Adobe Air

CVE-2010-2185

Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.

Vulnerability class: Buffer Overflow

EPSS: 0.012 (78.9th percentile) — read the EPSS interpretation.

Affected products

Adobe Air — versions 1.0, 1.5.1, 1.5
Adobe Flash_player — versions 7.2, 7.0.63, 7.0.1
Macromedia Flash_player — versions 5.0.41.0, 5.0.58.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

oval:org.mitre.oval:def:7577 (x_refsource_OVAL, signature, vdb-entry)
ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
ADV-2010-1421 (vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_CONFIRM)
40545 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2010:0464 (x_refsource_REDHAT, vendor-advisory)
ADV-2010-1793 (vdb-entry, x_refsource_VUPEN)
43026 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1432 (vdb-entry, x_refsource_VUPEN)
GLSA-201101-09 (vendor-advisory, x_refsource_GENTOO)