漏洞起因
设计错误
危险等级
低
影响系统
Adobe Flash Player 10.1.53 .64
Adobe Flash Player 10.1.51 .66
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.0.32 18
Adobe Flash Player 10.0.22 .87
Adobe Flash Player 10.0.15 .3
Adobe Flash Player 10.0.12 .36
Adobe Flash Player 10.0.12 .35
Adobe Flash Player 9.0.262
Adobe Flash Player 9.0.246 0
Adobe Flash Player 9.0.152 .0
Adobe Flash Player 9.0.151 .0
Adobe Flash Player 9.0.124 .0
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.260.0
Adobe Flash Player 9.0.246.0
Adobe Flash Player 9.0.159.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player 8
Adobe Flash Player 7.0.70.0
Adobe Flash Player 7.0.69.0
Adobe Flash Player 7
Adobe Flash Player 10.1 Release Candida
Adobe Flash Player 10.0.42.34
Adobe Flash Player 10.0.32.18
Adobe Flash Player 10
Adobe AIR 1.5.3 .9130
Adobe AIR 1.5.3 .9120
Adobe AIR 1.5.3
Adobe AIR 1.5.2
Adobe AIR 1.5.1
Adobe AIR 2.0.2.12610
Adobe AIR 1.5
Adobe AIR 1.1
Adobe AIR 1.01
Adobe AIR 1.0
不受影响系统
Adobe Flash Player 9.0.280
Adobe Flash Player 10.1.82.76
Adobe AIR 2.0.3
危害
远程攻击者可以利用漏洞使应用程序崩溃或执行任意代码。
攻击所需条件
攻击者必须访问Adobe ColdFusion。
漏洞信息
Adobe Flash Player是一款Flash文件处理程序。Adobe AIR是Adobe公司出品的跨操作系统的运行时库,通过它开发者可利用现有的Web开发技术。
Adobe Flash Player/AIR存在多个安全漏洞,远程攻击者可以利用漏洞使应用程序崩溃或执行任意代码。
-存在未明内存破坏漏洞允许任意代码执行(CVE-2010-0209,CVE-2010-2188,CVE-2010-2214,CVE-2010-2216)。
-存在多个内存破坏漏洞允许任意代码执行(CVE-2010-2213)。
-存在漏洞可导致点击劫持攻击(CVE-2010-2215)。
测试方法
厂商解决方案
用户可参考如下供应商提供的安全公告获得安全补丁:
http://www.adobe.com/support/security/bulletins/apsb10-16.html
漏洞提供者
Will Dormann of CERT, Lenovo Security Technologies (Beijing), Inc and Jaran Benke
0 条评论。