{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "ADV-2011-0192", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"name": "42183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42183"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"name": "43026", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43026"}, {"name": "GLSA-201101-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"name": "ADV-2010-2918", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"name": "44691", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44691"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "JVNDB-2010-000054", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"name": "RHSA-2010:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"name": "SUSE-SA:2010:055", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"name": "42926", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42926"}, {"name": "SSRT100428", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2010-2903", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"name": "HPSBMA02663", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2011-0173", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"name": "JVN#48425028", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"name": "oval:org.mitre.oval:def:15913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"name": "oval:org.mitre.oval:def:12142", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"name": "ADV-2010-2906", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"name": "RHSA-2010:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"name": "RHSA-2010:0829", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-3636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0192", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"name": "42183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42183"}, {"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"name": "43026", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43026"}, {"name": "GLSA-201101-09", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"name": "ADV-2010-2918", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"name": "44691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44691"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "JVNDB-2010-000054", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"name": "RHSA-2010:0834", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"name": "SUSE-SA:2010:055", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"name": "42926", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42926"}, {"name": "SSRT100428", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2010-2903", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"name": "HPSBMA02663", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"name": "ADV-2011-0173", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"name": "JVN#48425028", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"name": "oval:org.mitre.oval:def:15913", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"name": "oval:org.mitre.oval:def:12142", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"name": "ADV-2010-2906", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"name": "RHSA-2010:0867", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"name": "RHSA-2010:0829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}]}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-3636", "datePublished": "2010-11-07T21:00:00", "dateReserved": "2010-09-28T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "537D901A-6065-4910-82F0-96ED52993190", "versionEndExcluding": "9.0.289.0", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D98F767-E239-4C7A-AE9A-48E4BCE2DFEE", "versionEndExcluding": "10.1.102.64", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "76B8E33C-4346-4318-B461-3C9547372C67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C559189-78B4-4D65-B2C0-BE2A812B0FFE", "versionEndIncluding": "10.1.95.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors."}, {"lang": "es", "value": "Adobe Flash Player anterior v9.0.289.0 y v10.x anterior a v10.1.102.64 en Windows, Mac OS X, Linux, y Solaris, y v10.1.95.1 en Android, no maneja adecuadamente codificaciones no especificadas durante el parseo de los ficheros de pol\u00edticas de cruce de dominios, lo que permite a servidores web remotos evitar las restricciones de acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2010-3636", "lastModified": "2024-05-17T17:27:59.167", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-07T22:00:01.863", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN48425028/index.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42183"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42926"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43026"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/44691"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2903"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2906"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2918"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0173"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0192"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}