Vulnerability Name:

CVE-2010-3648 (CCN-63038)

Assigned:2010-11-04
Published:2010-11-04
Updated:2019-10-09
Summary:Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Sun Blog, 18 Jan 2011
Multiple Vulnerabilities in Adobe Flash Player

Source: CONFIRM
Type: Broken Link
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1

Source: MITRE
Type: CNA
CVE-2010-3648

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2010-11-10-1

Source: SUSE
Type: Third Party Advisory
SUSE-SA:2010:055

Source: HP
Type: Mailing List, Third Party Advisory
SSRT100428

Source: CCN
Type: RHSA-2010-0829
Critical: flash-plugin security update

Source: CCN
Type: RHSA-2010-0834
Critical: flash-plugin security update

Source: CCN
Type: RHSA-2010-0867
Critical: flash-plugin security update

Source: SECUNIA
Type: Third Party Advisory
42183

Source: CCN
Type: SA42926
Oracle Solaris Adobe Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
42926

Source: SECUNIA
Type: Third Party Advisory
43026

Source: GENTOO
Type: Third Party Advisory
GLSA-201101-09

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT4435

Source: CCN
Type: Adobe Product Security Bulletin APSB10-26
Security update available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-26.html

Source: CCN
Type: GLSA-201101-09
Adobe Flash Player: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 69124
Adobe Flash Unspecified Memory Corruption (2010-3648)

Source: REDHAT
Type: Third Party Advisory
RHSA-2010:0829

Source: REDHAT
Type: Third Party Advisory
RHSA-2010:0834

Source: REDHAT
Type: Third Party Advisory
RHSA-2010:0867

Source: BID
Type: Third Party Advisory, VDB Entry
44684

Source: CCN
Type: BID-44684
Adobe Flash Player CVE-2010-3648 Remote Memory Corruption Vulnerability

Source: VUPEN
Type: Third Party Advisory
ADV-2010-2903

Source: VUPEN
Type: Third Party Advisory
ADV-2010-2906

Source: VUPEN
Type: Third Party Advisory
ADV-2010-2918

Source: VUPEN
Type: Third Party Advisory
ADV-2011-0173

Source: VUPEN
Type: Third Party Advisory
ADV-2011-0192

Source: XF
Type: UNKNOWN
flash-unspec-ce-var9(63038)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11842

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:15980

Source: SUSE
Type: SUSE-SA:2010:055
Adobe Flash Player security problems

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 9.0 and < 9.0.289.0)
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10.0 and < 10.1.102.64)
  • AND
  • cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 10.1.95.1)
  • AND
  • cpe:/o:google:android:-:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:oracle:solaris:10:*:*:*:*:*:*:*
  • OR cpe:/o:oracle:solaris:11_express:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20103648 | V | CVE-2010-3648 | 2015-11-16 |
| oval:org.mitre.oval:def:11842 | V | Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 | 2015-08-03 |
| oval:org.mitre.oval:def:23533 | P | ELSA-2010:0867: flash-plugin security update (Critical) | 2014-05-26 |
| oval:org.mitre.oval:def:23206 | P | ELSA-2010:0829: flash-plugin security update (Critical) | 2014-05-26 |
| oval:org.mitre.oval:def:22102 | P | RHSA-2010:0867: flash-plugin security update (Critical) | 2014-02-24 |
| oval:org.mitre.oval:def:22325 | P | RHSA-2010:0829: flash-plugin security update (Critical) | 2014-02-24 |
| oval:org.mitre.oval:def:15980 | V | Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 | 2013-02-04 |
| oval:com.redhat.rhsa:def:20100867 | P | RHSA-2010:0867: flash-plugin security update (Critical) | 2010-11-10 |
| oval:com.redhat.rhsa:def:20100829 | P | RHSA-2010:0829: flash-plugin security update (Critical) | 2010-11-05 |