Buffer overflow in Adobe Air

CVE-2010-2189

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibl…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (76.5th percentile) — read the EPSS interpretation.

Affected products

Adobe Air — versions 1.0, 1.5.1, 1.5
Adobe Flash_player — versions 7.2, 7.0.63, 7.0.1
Macromedia Flash_player — versions 5.0.41.0, 5.0.58.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ADV-2011-0192 (vdb-entry, x_refsource_VUPEN)
ADV-2010-1421 (vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_CONFIRM)
40545 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1793 (vdb-entry, x_refsource_VUPEN)
43026 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201101-09 (vendor-advisory, x_refsource_GENTOO)
TA10-162A (US Government Resource, x_refsource_CERT, third-party-advisory)
adobe-fpair-vmware-code-execution(59338) (vdb-entry, x_refsource_XF)
APPLE-SA-2010-11-10-1 (vendor-advisory, x_refsource_APPLE)