CVE-2010-0187
Published 2010-02-15
Priority P425 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 15.63% (96.4th percentile)
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Affected
53 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_air | <= 1.5.3.9120 | — |
| adobe | flash_player | <= 10.0.42.34 | — |
Detection & IOCs (extracted from sources)
bytes: Bytes at offsets 1360-1363 of SWF file set to: 0x44, 0x43, 0x42, 0x41
- A crash-triggering SWF file has specific bytes at offsets 1360–1363 modified to 0x44, 0x43, 0x42, 0x41 respectively. Inspect SWF files for this byte pattern at those offsets as a potential indicator of a weaponized file.
- Public exploit PoC (exploit-db #11182) targets Internet Explorer 6, 7, and 8 on Windows XP SP3 and Windows 7 via a malicious SWF delivered through the Shockwave Flash Object.
- CVE-2010-0187 also affects Adobe Flash Player v9.x (tracked separately as CVE-2010-2172); monitor v9.x deployments in addition to v10.x.
- Adobe AIR versions before 1.5.3.9130 are also vulnerable to this DoS.
- Adobe Reader 9.x embeds Flash Player and was also subject to a related update (APSB10-07); environments running Adobe Reader 9.x should be assessed as well.
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat · 4.3 MEDIUM
Red Hat
flash-plugin: possible player crash (APSB10-06)
vendor_redhat · 2010-02-11 · CVSS 4.3 · MEDIUM
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
GHSA
GHSA-pc74-63g2-pjp2: Adobe Flash Player before 10
ghsa_unreviewed · 2022-05-02 · MEDIUM · CWE-94
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
No detection rules found.
Exploit-DB
Orbit Downloader - Connecting Log Creation Buffer Overflow (Metasploit)
exploitdb · 2010-05-09 · CVE-2009-0187
---
##
# $Id: orbit_connecting.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Orbit Downloader Connecting Log Creation Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Orbit Downloader 2.8.4. When an
attacker serves up a malicious web site, abritrary code may be executed.
The PAYLOAD windows/shell_bind_tcp works best.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC' ],
'Version' => '$Revision: 92
Exploit-DB
Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
exploitdb · 2010-01-18 · CVE-2010-0187
---
# Version: 6/7/8
# Tested on: Windows XP SP3 English & Windows 7
# CVE :
# Code: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11182.tar.gz (ie_crash.tar.gz)
Description: Modified 1360. byte to 44, 1361. to 43, 1362. 42, 1363.
byte to 41 of a sample swf file, ran it and crash occurred.
Screenshots:
Internet Explorer 6 - XP SP3 - http://www.mertsarica.com/images/ie6_xp_sp3_3.jpg
Internet Explorer 7 - XP SP3 - http://www.mertsarica.com/images/ie7_xp_sp3_1.jpg
Internet Explorer 8 - Windows 7 - http://www.mertsarica.com/images/ie8_win7.jpg
Bugzilla
CVE-2010-2172 flash-plugin: CVE-2010-0187 "possible player crash" affects also v9.x versions of Adobe Flash Player
bugzilla · 2010-06-10 · CVSS 4.3 · MEDIUM
Originally, the following CVE-2010-0187 security flaw has been reported
against Adobe Flash Player v10.x and earlier versions:
[1] http://www.adobe.com/support/security/bulletins/apsb10-06.html
CVE-2010-0187 got following description from MITRE:
"Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow
remote attackers to cause a denial of service (application crash) via a
modified SWF file."
Public reproducers for the CVE-2010-0187 are available here:
[2] http://www.exploit-db.com/exploits/11182/
[3] http://sebug.net/exploit/18967/
Further testing showed, this deficiency affects also v9.x based versions
of Adobe Flash Player. This new discovered flaw go
Bugzilla
CVE-2010-0187 flash-plugin: possible player crash (APSB10-06)
bugzilla · 2010-02-12 · CVSS 4.3 · MEDIUM
Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb10-06.html
resolves a "potential Denial of Service issue":
http://www.exploit-db.com/exploits/11182
http://sebug.net/exploit/18967/
Discussion:
This issue has been addressed in following products:
Extras for Red Hat Enterprise Linux 5
Via RHSA-2010:0102 https://rhn.redhat.com/errata/RHSA-2010-0102.html
Bugzilla
CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)
bugzilla · 2010-02-11 · CVSS 6.8 · MEDIUM
On Thursday, 2010-02-11, Adobe is planning to release updated
tarballs for Adobe Flash Player of version v10.0.42.34,
addressing two security issues:
1, An unspecified critical vulnerability was found in Adobe Flash
Player (and related products), which could allow an attacker to
subvert the domain sandbox and make unauthorized cross-domain
requests. (CVE-2010-0186).
Credit: Michael Yong Park
Vulnerable versions of Adobe Flash Player: v10.0.42.34 and earlier
Not vulnerable versions of Adobe Flash Player: 10.0.45.2
2, An unspecified vulnerability was found in Adobe Flash Player
(and related products), which could allow an attacker to
cause denial of service by unspecified vectors. (CVE-2010-0187)
References:
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://sebug.net/exploit/18967/
- http://secunia.com/advisories/38547
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/40220
- http://secunia.com/advisories/43026
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://securitytracker.com/id?1023585
- http://support.apple.com/kb/HT4188
- http://www.adobe.com/support/security/bulletins/apsb10-06.html
- http://www.exploit-db.com/exploits/11182
- http://www.securityfocus.com/bid/38200
- http://www.vupen.com/english/advisories/2010/1481
- http://www.vupen.com/english/advisories/2011/0192
- https://bugzilla.redhat.com/show_bug.cgi?id=564287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16125
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8393
- https://rhn.redhat.com/errata/RHSA-2010-0102.html