CVE-2010-0186 — Adobe Acrobat vulnerability

6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

2.9%

top 13.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader Adobe AIR +1 more

Timeline

PublishedFeb 15

Latest updateMay 2

Description

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDadobe/flash_player10.0.42.34+46

▶NVDadobe/acrobat_reader9.3+14

▶NVDadobe/acrobat9.3+15

▶NVDadobe/adobe_air1.5.3.9120+5

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pfw-x8hw-9289: Cross-domain vulnerability in Adobe Flash Player before 10↗2022-05-02

▶

CVEList

CVE-2010-0186: Cross-domain vulnerability in Adobe Flash Player before 10↗2010-02-15

▶

📋Vendor Advisories

Red Hat

flash-plugin: unauthorized cross-domain requests (APSB10-06)↗2010-02-11

▶

💬Community

Bugzilla

CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)↗2010-02-11

▶