Vulnerability Name:

CVE-2010-3975 (CCN-61840)

Assigned: 2010-09-13
Published: 2010-09-13
Updated: 2018-10-30
Summary: Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.
Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: python Issue6706
asyncore's accept() is broken

Source: MITRE
Type: CNA
CVE-2010-3492

Source: MITRE
Type: CNA
CVE-2010-3975

Source: MITRE
Type: CNA
CVE-2010-3976

Source: CCN
Type: SA41279
Python asyncore Module accept() Denial of Service Vulnerability

Source: CCN
Type: GLSA-201101-09
Adobe Flash Player: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 68098
Python asyncore Module accept() Method Incorrect Error Handling DoS

Source: CCN
Type: OSVDB ID: 68696
pyftpdlib ftpserver.py FTPHandler Class Race Condition TCP Connection Termination Multiple Error Remote DoS

Source: CCN
Type: OSVDB ID: 68737
Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution

Source: CCN
Type: OSVDB ID: 68738
Python asyncore Module Accept Function Call Network Connection Application Termination DoS

Source: CCN
Type: OSVDB ID: 68739
Python smptd Module smtpd.py Race Condition TCP Connection Termination Multiple Error Remote DoS

Source: CCN
Type: Python Web site
Python Programming Language -- Official Website

Source: BUGTRAQ
Type: Exploit
20100827 Flash Player 9 DLL Hijacking Exploit (schannel.dll)

Source: CCN
Type: BID-43233
Python Asyncore Module 'accept()' function Remote Denial of Service Vulnerability

Source: CCN
Type: BID-44671
Adobe Flash Player DLL Loading Arbitrary Code Execution Vulnerability

Source: XF
Type: UNKNOWN
python-accept-dos(61840)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12212

Source: SUSE
Type: SUSE-SA:2010:055
Adobe Flash Player security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:9.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:python:python:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.1.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:12212 | V | Untrusted search path vulnerability in Adobe Flash Player 9 and earlier versions. | 2015-08-03
    adobe flash player 9.0
    python python 1.5.2
    python python 2.2
    python python 2.2.1
    python python 2.4
    python python 2.5
    python python 1.6
    python python 1.6.1
    python python 2.0
    python python 2.0.1
    python python 2.1
    python python 2.1.1
    python python 2.1.2
    python python 2.1.3
    python python 2.2.2
    python python 2.2.3
    python python 2.3
    python python 2.3.1
    python python 2.3.2
    python python 2.3.3
    python python 2.3.4
    python python 2.3.5
    python python 2.4.1
    python python 2.4.2
    python python 2.4.3
    python python 2.4.4
    python python 2.5.1
    python python 2.5.2
    python python 2.3.7
    python python 2.4.6
    python python 2.5.4
    python python 2.5.3
    python python 3.0.1
    python python 0.9.0
    python python 0.9.1
    python python 1.2
    python python 1.3
    python python 2.6
    python python 2.6.1
    python python 2.6.4
    python python 3.0
    python python 3.1.1
    python python 2.7
    python python 3.1.2
    gentoo linux *
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    mandriva linux 2009.1
    mandriva linux 2009.1
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010