CVE-2010-2160

Related Files

Gentoo Linux Security Advisory 201101-09

Posted Jan 21, 2011

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201101-9 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a Denial of Service. Versions less than 10.1.102.64 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-4546, CVE-2009-3793, CVE-2010-0186, CVE-2010-0187, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182

SHA-256 | c6cdc7639bd5039788276ccd46124edec6556cdbe06393e2fee124c513405ba0

Download | Favorite | View

Zero Day Initiative Advisory 10-115

Posted Jun 26, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-115 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVM bytecode verifier. Specifically, the newFrameState method performs arithmetic when calculating the size of a stack frame. It implicitly trusts the max_scope and max_stack variables as obtained from the bytecode. By crafting specific values, the integer indicating the size of the frame can be made to overflow. This value is later used during memory copy operations which an attacker can influence to gain arbitrary code execution under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, code execution

advisories | CVE-2010-2160

SHA-256 | 139e76865c566f8d4bd7f23f54fbaf8173ed164ea7d438acc9c3348fae886f55

Download | Favorite | View

Zero Day Initiative Advisory 10-114

Posted Jun 26, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-114 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious web page. The specific vulnerability exists within the parsing of an undocumented opcode within Adobe's ActionScript Virtual Machine 2 bytecode. The operand to this opcode is used as an offset to a structure and if set to a malicious value can be pointed to attacker controlled data. The structure contains a function pointer that is later called. If an attacker modifies the controlled data pointed to by the invalid offset, this function pointer can be set to point to malicious code thus gaining execution under the context of the user running the browser.

tags | advisory, web, arbitrary

advisories | CVE-2010-2160

SHA-256 | bc523bf97a29c0519e786f3f7ff150ec48db8fe0ec2c26715708d5e08820be3f

Download | Favorite | View