Vulnerability Details : CVE-2010-3646

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Publish Date : 2010-11-07 Last Update Date : 2011-07-18

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeMemory corruption
CWE ID	CWE id is not defined for this vulnerability

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P	2010-11-04	2010-11-04

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
CVE-2010-3646	oval:org.opensuse.security:def:20103646	unix
RHSA-2010:0829: flash-plugin security update (Critical)	oval:com.redhat.rhsa:def:20100829	unix
RHSA-2010:0867: flash-plugin security update (Critical)	oval:com.redhat.rhsa:def:20100867	unix
Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adob...	oval:org.mitre.oval:def:16183	macos
Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adob...	oval:org.mitre.oval:def:11922	windows

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2010-3646

#	Product Type	Vendor	Product	Version
1	Application	Adobe	Flash Player	9.0.16	Details Vulnerabilities
2	Application	Adobe	Flash Player	9.0.18d60	Details Vulnerabilities
3	Application	Adobe	Flash Player	9.0.20	Details Vulnerabilities
4	Application	Adobe	Flash Player	9.0.20.0	Details Vulnerabilities
5	Application	Adobe	Flash Player	9.0.28	Details Vulnerabilities
6	Application	Adobe	Flash Player	9.0.28.0	Details Vulnerabilities
7	Application	Adobe	Flash Player	9.0.31	Details Vulnerabilities
8	Application	Adobe	Flash Player	9.0.31.0	Details Vulnerabilities
9	Application	Adobe	Flash Player	9.0.45.0	Details Vulnerabilities
10	Application	Adobe	Flash Player	9.0.47.0	Details Vulnerabilities
11	Application	Adobe	Flash Player	9.0.48.0	Details Vulnerabilities
12	Application	Adobe	Flash Player	9.0.112.0	Details Vulnerabilities
13	Application	Adobe	Flash Player	9.0.114.0	Details Vulnerabilities
14	Application	Adobe	Flash Player	9.0.115.0	Details Vulnerabilities
15	Application	Adobe	Flash Player	9.0.124.0	Details Vulnerabilities
16	Application	Adobe	Flash Player	9.0.125.0	Details Vulnerabilities
17	Application	Adobe	Flash Player	9.0.151.0	Details Vulnerabilities
18	Application	Adobe	Flash Player	9.0.152.0	Details Vulnerabilities
19	Application	Adobe	Flash Player	9.0.155.0	Details Vulnerabilities
20	Application	Adobe	Flash Player	9.0.159.0	Details Vulnerabilities
21	Application	Adobe	Flash Player	9.0.246.0	Details Vulnerabilities
22	Application	Adobe	Flash Player	9.0.260.0	Details Vulnerabilities
23	Application	Adobe	Flash Player	9.0.262.0	Details Vulnerabilities
24	Application	Adobe	Flash Player	9.0.277.0	Details Vulnerabilities
25	Application	Adobe	Flash Player	10.0.0.584	Details Vulnerabilities
26	Application	Adobe	Flash Player	10.0.12.10	Details Vulnerabilities
27	Application	Adobe	Flash Player	10.0.12.36	Details Vulnerabilities
28	Application	Adobe	Flash Player	10.0.15.3	Details Vulnerabilities
29	Application	Adobe	Flash Player	10.0.22.87	Details Vulnerabilities
30	Application	Adobe	Flash Player	10.0.32.18	Details Vulnerabilities
31	Application	Adobe	Flash Player	10.0.42.34	Details Vulnerabilities
32	Application	Adobe	Flash Player	10.0.45.2	Details Vulnerabilities
33	Application	Adobe	Flash Player	10.1.52.14.1	Details Vulnerabilities
34	Application	Adobe	Flash Player	10.1.52.15	Details Vulnerabilities
35	Application	Adobe	Flash Player	10.1.53.64	Details Vulnerabilities
36	Application	Adobe	Flash Player	10.1.82.76	Details Vulnerabilities
37	Application	Adobe	Flash Player	10.1.85.3	Details Vulnerabilities
38	Application	Adobe	Flash Player	10.1.92.8	Details Vulnerabilities
39	Application	Adobe	Flash Player	10.1.92.10	Details Vulnerabilities
40	Application	Adobe	Flash Player	10.1.95.1	Details Vulnerabilities
41	Application	Adobe	Flash Player	10.1.95.2	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	Flash Player	41

- References For CVE-2010-3646

http://security.gentoo.org/glsa/glsa-201101-09.xml
GENTOO GLSA-201101-09

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 CONFIRM

http://marc.info/?l=bugtraq&m=130331642631603&w=2
HP SSRT100428

http://secunia.com/advisories/42926
SECUNIA 42926

http://secunia.com/advisories/42183
SECUNIA 42183

http://www.vupen.com/english/advisories/2011/0192
VUPEN ADV-2011-0192

http://www.vupen.com/english/advisories/2011/0173
VUPEN ADV-2011-0173

http://support.apple.com/kb/HT4435 CONFIRM

http://www.vupen.com/english/advisories/2010/2906
VUPEN ADV-2010-2906

http://www.redhat.com/support/errata/RHSA-2010-0829.html
REDHAT RHSA-2010:0829

http://www.adobe.com/support/security/bulletins/apsb10-26.html CONFIRM

http://www.redhat.com/support/errata/RHSA-2010-0867.html
REDHAT RHSA-2010:0867

http://www.securityfocus.com/bid/44682
BID 44682 Adobe Flash Player CVE-2010-3646 Remote Memory Corruption Vulnerability Release Date:2010-11-12

http://www.vupen.com/english/advisories/2010/2903
VUPEN ADV-2010-2903

http://www.vupen.com/english/advisories/2010/2918
VUPEN ADV-2010-2918

http://secunia.com/advisories/43026
SECUNIA 43026

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
SUSE SUSE-SA:2010:055

http://www.redhat.com/support/errata/RHSA-2010-0834.html
REDHAT RHSA-2010:0834

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
APPLE APPLE-SA-2010-11-10-1

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.53.64 Adobe Flash Player 10.0.45.2 Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10.0.22.87 Adobe Flash Player 10.0.15.3 Adobe Flash Player 10.0.12.36 Adobe Flash Player 10.0.12.10 Adobe Flash Player 10.0.0.584 Adobe Flash Player 10.1.92.10 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.31 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.28 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.20.0 Adobe Flash Player 9.0.20 Adobe Flash Player 9.0.18d60 Adobe Flash Player 9.0.16 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.152.0 Adobe Flash Player 9.0.151.0 Adobe Flash Player 9.0.125.0 Adobe Flash Player 9.0.124.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9.0.114.0 Adobe Flash Player 9.0.112.0	Apple Mac Os X Linux Linux Microsoft Windows SUN Solaris
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 10.1.95.1	Google Android

- Metasploit Modules Related To CVE-2010-3646

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)