CVE-2010-3637 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

12.8%

top 5.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedNov 7

Latest updateMay 13

Description

An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/flash_player9.0 — 9.0.289.0+1

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwjx-cx2h-hr2h: An unspecified ActiveX control in Adobe Flash Player before 9↗2022-05-13

▶

💬Community

Bugzilla

flash-plugin: security bulletin APSB10-26↗2010-11-04

▶