Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0187 — Code Injection in Adobe AIR

CWE-94 — Code Injection9 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

41.7%

top 2.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe AIR Adobe Flash Player

Timeline

PublishedFeb 15

Latest updateMay 2

Description

Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDadobe/flash_player10.0.42.34+46

▶NVDadobe/adobe_air1.5.3.9120+5

🔴Vulnerability Details

GHSA

GHSA-pc74-63g2-pjp2: Adobe Flash Player before 10↗2022-05-02

▶

CVEList

CVE-2010-0187: Adobe Flash Player before 10↗2010-02-15

▶

💥Exploits & PoCs

Exploit-DB

Orbit Downloader - Connecting Log Creation Buffer Overflow (Metasploit)↗2010-05-09

▶

Exploit-DB

Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service↗2010-01-18

▶

📋Vendor Advisories

Red Hat

flash-plugin: possible player crash (APSB10-06)↗2010-02-11

▶

💬Community

Bugzilla

CVE-2010-2172 flash-plugin: CVE-2010-0187 "possible player crash" affects also v9.x versions of Adobe Flash Player↗2010-06-10

▶

Bugzilla

CVE-2010-0187 flash-plugin: possible player crash (APSB10-06)↗2010-02-12

▶

Bugzilla

CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)↗2010-02-11

▶