CVE-2010-2162
Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, permite a los atacantes causar una denegación de servicio (corrupción de la memoria dinámica) o la posible ejecución de código a su elección a través de vectores no especificados.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the code responsible for parsing embedded MP4 files. When handling the STSC, STSZ, and STCO atoms the player can be made to improperly calculate length values later used as size parameters during memory copy operations. By providing a specially crafted file an attacker can corrupt heap memory and execute arbitrary code under the context of the currently logged in user.
*Credits:
Damian Put
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-06-07 CVE Reserved
- 2010-06-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (32)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.adobe.com/support/security/bulletins/apsb10-14.html | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.16 Search vendor "Adobe" for product "Flash Player" and version "9.0.16" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.20 Search vendor "Adobe" for product "Flash Player" and version "9.0.20" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.20.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.20.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.28 Search vendor "Adobe" for product "Flash Player" and version "9.0.28" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.28.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.28.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.31 Search vendor "Adobe" for product "Flash Player" and version "9.0.31" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.31.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.31.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.45.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.45.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.47.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.47.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.48.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.48.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.115.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.115.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.124.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.124.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.125.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.125.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.151.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.151.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.152.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.152.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.159.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.159.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.246.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.246.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.260.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.260.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.262.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.262.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 10.0.45.2 Search vendor "Adobe" for product "Flash Player" and version " <= 10.0.45.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.0.584 Search vendor "Adobe" for product "Flash Player" and version "10.0.0.584" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.12.10 Search vendor "Adobe" for product "Flash Player" and version "10.0.12.10" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.12.36 Search vendor "Adobe" for product "Flash Player" and version "10.0.12.36" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.15.3 Search vendor "Adobe" for product "Flash Player" and version "10.0.15.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.22.87 Search vendor "Adobe" for product "Flash Player" and version "10.0.22.87" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.32.18 Search vendor "Adobe" for product "Flash Player" and version "10.0.32.18" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.42.34 Search vendor "Adobe" for product "Flash Player" and version "10.0.42.34" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 6.0.79 Search vendor "Adobe" for product "Flash Player" and version "6.0.79" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0 Search vendor "Adobe" for product "Flash Player" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.1 Search vendor "Adobe" for product "Flash Player" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.14.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.14.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.19.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.19.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.24.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.24.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.25 Search vendor "Adobe" for product "Flash Player" and version "7.0.25" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.53.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.53.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.60.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.60.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.61.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.61.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.63 Search vendor "Adobe" for product "Flash Player" and version "7.0.63" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.66.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.66.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.67.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.67.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.68.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.68.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.69.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.69.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.70.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.70.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.73.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.73.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.1 Search vendor "Adobe" for product "Flash Player" and version "7.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.1.1 Search vendor "Adobe" for product "Flash Player" and version "7.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.2 Search vendor "Adobe" for product "Flash Player" and version "7.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0 Search vendor "Adobe" for product "Flash Player" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.22.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.22.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.24.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.24.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.33.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.33.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.34.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.34.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.35.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.35.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.39.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.39.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.42.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.42.0" | - |
Affected
| ||||||
| Macromedia Search vendor "Macromedia" | Flash Player Search vendor "Macromedia" for product "Flash Player" | 5.0 Search vendor "Macromedia" for product "Flash Player" and version "5.0" | - |
Affected
| ||||||
| Macromedia Search vendor "Macromedia" | Flash Player Search vendor "Macromedia" for product "Flash Player" | 5.0.30.0 Search vendor "Macromedia" for product "Flash Player" and version "5.0.30.0" | - |
Affected
| ||||||
| Macromedia Search vendor "Macromedia" | Flash Player Search vendor "Macromedia" for product "Flash Player" | 5.0.41.0 Search vendor "Macromedia" for product "Flash Player" and version "5.0.41.0" | - |
Affected
| ||||||
| Macromedia Search vendor "Macromedia" | Flash Player Search vendor "Macromedia" for product "Flash Player" | 5.0.42.0 Search vendor "Macromedia" for product "Flash Player" and version "5.0.42.0" | - |
Affected
| ||||||
| Macromedia Search vendor "Macromedia" | Flash Player Search vendor "Macromedia" for product "Flash Player" | 5.0.58.0 Search vendor "Macromedia" for product "Flash Player" and version "5.0.58.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | <= 1.5.3.9130 Search vendor "Adobe" for product "Air" and version " <= 1.5.3.9130" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.0 Search vendor "Adobe" for product "Air" and version "1.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.1 Search vendor "Adobe" for product "Air" and version "1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.5 Search vendor "Adobe" for product "Air" and version "1.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.5.1 Search vendor "Adobe" for product "Air" and version "1.5.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.5.2 Search vendor "Adobe" for product "Air" and version "1.5.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.5.3 Search vendor "Adobe" for product "Air" and version "1.5.3" | - |
Affected
| ||||||