CVE-2010-2179

Published Jun 15, 2010

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
Source: psirt@adobe.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Evaluator

Comment: -
Impact: Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'Affected software versions Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'
Solution: Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'Affected software versions Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20C3001C-53F0-4C18-9CC8-89BDF8C6087D",
            "versionEndExcluding": "9.0.277.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F116B4ED-9BC6-4750-B87F-4E5FF2B2B1F3",
            "versionEndExcluding": "10.1.53.64",
            "versionStartIncluding": "10.0.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A520EA13-9274-4E10-84B5-1F1FD9E5CE86",
            "versionEndExcluding": "2.0.2.12610"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References