ByteOS Network

Source-psirt@adobe.com

Published At-15 Feb, 2010 | 18:30

Updated At-29 Apr, 2026 | 01:13

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Adobe Inc.

>>adobe_air>>Versions up to 1.5.3.9120(inclusive)

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Adobe Inc.

>>adobe_air>>1.0

cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*

Adobe Inc.

>>adobe_air>>1.1

cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*

Adobe Inc.

>>adobe_air>>1.5.1

cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*

Adobe Inc.

>>adobe_air>>1.5.2

cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*

Adobe Inc.

>>adobe_air>>1.5.3

cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 10.0.42.34(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>6.0.21.0

cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>6.0.79

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0.1

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0.25

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0.63

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0.69.0

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.0.70.0

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.1

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.1.1

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>7.2

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.22.0

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.24.0

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.33.0

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.34.0

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.35.0

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.39.0

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>8.0.42.0

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.16

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.18d60

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.20

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.20.0

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.28.0

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.31

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.31.0

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.45.0

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.47.0

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.48.0

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.112.0

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.114.0

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.115.0

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.124.0

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.125.0

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.151.0

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.152.0

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.159.0

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.246.0

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.0.260.0

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>9.125.0

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>10.0.12.10

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>10.0.12.36

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Impact

Per: http://www.adobe.com/support/security/bulletins/apsb10-07.html A critical vulnerability has been identified in Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. Affected software versions Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html	psirt@adobe.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html	psirt@adobe.com	N/A
http://secunia.com/advisories/38547	psirt@adobe.com	Vendor Advisory
http://secunia.com/advisories/38639	psirt@adobe.com	Vendor Advisory
http://secunia.com/advisories/38915	psirt@adobe.com	N/A
http://secunia.com/advisories/40220	psirt@adobe.com	N/A
http://secunia.com/advisories/43026	psirt@adobe.com	N/A
http://security.gentoo.org/glsa/glsa-201101-09.xml	psirt@adobe.com	N/A
http://securitytracker.com/id?1023585	psirt@adobe.com	N/A
http://support.apple.com/kb/HT4188	psirt@adobe.com	N/A
http://www.adobe.com/support/security/bulletins/apsb10-06.html	psirt@adobe.com	Patch Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-07.html	psirt@adobe.com	Patch Vendor Advisory
http://www.osvdb.org/62300	psirt@adobe.com	N/A
http://www.redhat.com/support/errata/RHSA-2010-0114.html	psirt@adobe.com	N/A
http://www.securityfocus.com/bid/38198	psirt@adobe.com	N/A
http://www.vupen.com/english/advisories/2010/1481	psirt@adobe.com	N/A
http://www.vupen.com/english/advisories/2011/0192	psirt@adobe.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=563819	psirt@adobe.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518	psirt@adobe.com	N/A
https://rhn.redhat.com/errata/RHSA-2010-0102.html	psirt@adobe.com	N/A
https://rhn.redhat.com/errata/RHSA-2010-0103.html	psirt@adobe.com	N/A
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/38547	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/38639	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/38915	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/40220	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/43026	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.gentoo.org/glsa/glsa-201101-09.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1023585	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.apple.com/kb/HT4188	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.adobe.com/support/security/bulletins/apsb10-06.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-07.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.osvdb.org/62300	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2010-0114.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/38198	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2010/1481	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0192	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=563819	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518	af854a3a-2127-422b-91ae-364da2661108	N/A
https://rhn.redhat.com/errata/RHSA-2010-0102.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://rhn.redhat.com/errata/RHSA-2010-0103.html	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://secunia.com/advisories/38547

Source: psirt@adobe.com

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/38639

Source: psirt@adobe.com

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/38915

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://secunia.com/advisories/40220

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://secunia.com/advisories/43026

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://security.gentoo.org/glsa/glsa-201101-09.xml

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://securitytracker.com/id?1023585

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://support.apple.com/kb/HT4188

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://www.adobe.com/support/security/bulletins/apsb10-06.html

Source: psirt@adobe.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.adobe.com/support/security/bulletins/apsb10-07.html

Source: psirt@adobe.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.osvdb.org/62300

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0114.html

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/38198

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2010/1481

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2011/0192

Source: psirt@adobe.com

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=563819

Source: psirt@adobe.com

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8518

Source: psirt@adobe.com

Resource: N/A

Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0102.html

Source: psirt@adobe.com

Resource: N/A

Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0103.html

Source: psirt@adobe.com

Resource: N/A

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html