CVE-2010-0378 — Use After Free in Adobe Flash Player

CWE-416 — Use After Free6 documents4 sources

Severity

9.3CRITICALNVD

NVD8.8

EPSS

13.8%

top 5.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedJan 21

Latest updateMay 2

Description

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDadobe/flash_player6.0.21.0, 6.0.79+1

Patches

Patch: www.microsoft.com ↗Patch: www.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mw25-vxhh-vf58: Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and S↗2022-05-02

▶

GHSA

GHSA-r859-p3hv-36hf: Use-after-free vulnerability in Adobe Flash Player 6↗2022-05-02

▶

📐Framework References

CWE

Use After Free↗

▶

💬Community

Bugzilla

CVE-2010-1428 JBoss Application Server Web Console Authentication bypass↗2010-04-26

▶