RCE in Adobe Air

CVE-2010-2186

Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.010 (77.3th percentile) — read the EPSS interpretation.

Affected products

Adobe Air — versions 1.0, 1.5.1, 1.5
Adobe Flash_player — versions 7.2, 7.0.63, 7.0.1
Macromedia Flash_player — versions 5.0.41.0, 5.0.58.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

oval:org.mitre.oval:def:7118 (x_refsource_OVAL, signature, vdb-entry)
ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
ADV-2010-1421 (vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_CONFIRM)
40545 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:16285 (x_refsource_OVAL, signature, vdb-entry)
RHSA-2010:0464 (x_refsource_REDHAT, vendor-advisory)
ADV-2010-1793 (vdb-entry, x_refsource_VUPEN)
43026 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1432 (vdb-entry, x_refsource_VUPEN)